> We verify the data before moving it to the final directory. If it is > there, it is either valid, or we have no key for it, or it is unsigned > (the latter two will disappear / be disabled at some point I think). > > We had some issues where that validation succeeded where it should not > (for example, on proxies returning a 200 OK page html page for every > request, because the parser would not have any signatures to check > then). They should be fixed now in newer releases I think. > > If you have a concrete issue, it would be great if you let us know, > but this bug is too generic. And re-verification is too expensive to > do anyway.
The problem it is possible that cached data prevents `apt-get update` from working, even if currently all data on the server is valid. Another problem is that to make apt-get work again, it is necessary to manually clean /var/lib/apt/lists/partial. Also, some ISPs hijack all HTTP requests with 200 OK html page if you, for example, don't pay in time. After Internet access is restored, it is expected that running `apt-get update` would update package lists despite invalid data being returned previously, but this is not true. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
