On Tue, Aug 26, 2003 at 10:07:51PM +0200, Filip Van Raemdonck wrote: > On Thu, Aug 21, 2003 at 03:33:50PM -0400, Matt Zimmerman wrote: > > I would say that by default, it should go ahead and use the unsecured > > sources, but display a warning to the user. > <...> > > If a user asks to install (or upgrade!) a package, and the selected > > version is coming from an insecure source, I think apt should warn > > loudly about this, and ask for confirmation. > > And add an option (defaulting to false I suppose given the earlier > conversation) to actually bail out instead of asking? Thinking about > semi-automated update scripts here - which may want to _not_ upgrade > instead of forcing upgrades when something strange happens.
Of course, it would work just like the other prompts in apt, and do something sane if a non-interactive mode is requested. > > A force option could be provided, but I think it would be better to make > > it a no-brainer for a source to be secured. > > Actually, wouldn't a force (install) option be a bad idea even in the > above situation? If someone messes with that company's internet connection > and redirects *.debian.org to his own, unsigned archive, the force install > options would have their scripts happily ignore the lack of a key. There are all sorts of reasons why it would be a bad idea to force it, but sometimes you need to let the user decide their own risks rather than trying to decide for them. -- - mdz
