On 2011-04-17 17:29, Julian Andres Klode wrote: > We discussed three options: > 1. Renaming inRelease files to Release files > 2. Rewriting inRelease files to Release files > 3. Adding an inRelease.notverified file > > The third option looked ugly, as it required changes in unrelated parts > of APT. The second option was the most elegant one, but also very > complex. We chose the first option as it worked immediately, required > minimal changes to APT, and DonKult preferred it, mvo preferred option > 2, and I did not like 3 and found 2 too complex.
Interesting. I would prefer option 3 or checking signatures on the fly (it's what Cupt does when the appropriate APT compatibility option is switched off). > It also is easy to implement for others who use APT-internal data, such > as cupt: If the first line is "-----BEGIN PGP SIGNED MESSAGE-----", skip > the first 3 lines. True, but it's still a (small) hack. OTOH, indeed, APT is free to do whatever it wants with its internal data. > Note: An option that could be implemented now is to use InRelease files > if they exist already in /var/lib/apt/lists, and fallback to Release > files otherwise. This requires no interface changes in cupt, and is > backwards-compatible. I have to say I'm not comfortable applying that, it's a hack and I'm not sure it will work for all corner cases. Maybe, I will use some parts of the attached patch when implementing multiple Release file types properly, I plan to do this early enough for Wheezy. And thanks for explanations. -- Eugene V. Lyubimkin aka JackYF, JID: jackyf.devel(maildog)gmail.com C++/Perl developer, Debian Developer -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
