Francesco Poli <f...@firenze.linux.it> writes: > Hi! > > Is there any progress on the implementation of a field in sources.list > that allows to specify that a given repository is to be trusted, even > without signature checking? > > It would be really useful for local (i.e.: created on the same box > where they will be used) trivial repositories, where you do not want to > setup the necessary infrastructure for signing Release files, and so > forth... > > Please let me know. > Thanks in advance.
I'm waiting for a reaction to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=536029 before rewriting the old [TRUSTED] patch to support: - deb [key=0x1AB52325534,0x3475BDF478] ... Only accept signatures by one of the listed fingerprints - deb [keyring=foobar.gpg] ... Use foobar.gpg to verify the signatures and only foobar.gpg. deb [trust=always|never] .... Ignore the Release signature and just always or never trust the source. "always" would be for file:// or sources on the local network where you don't care if it is unsigned. "never" would be for repositories you want to always be asked before they are used and which should not replace packages from more trusted repositories. #536029 already contains the general parser for the fields. So I'm waiting for it to be added. MfG Goswin -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org