We got kicked off IRC due to crappy wireless at this coffee shop, so here are our thoughts:
First of all, despite what we were saying initially on IRC, if you're prompting before the packages are actually downloaded, then there are no problems with polluting the cache, no? The other issue about displaying which sources (in addition to which packages) were insecure is probably less pressing. So if there is no cache problem, this seems quite doable for sarge.

Some responses to your previous emails:

On Sun, 2003-09-07 at 16:10, Matt Zimmerman wrote:
> Oh, another thing. The error/warning situation could probably use some
> cleanup. While at this point, someone who installs the new code on an
> existing setup will continue to have a functional apt (with the addition of
> the confirmation question), but they will get a bunch of warnings from
> apt-get update as it tries to verify signatures and finds that it doesn't
> have a keyring (or maybe even gnupg).

We should have apt Depend: on gnupg, and also ship a default keyring with the Debian ftp keys, perhaps with a prompt for whether or not to trust the keys.

On Sat, 2003-09-06 at 21:46, Matt Zimmerman wrote:
> A couple of other things.
>
> - It looks like pkgAcqIndexRel isn't used anymore. If this is correct, I
> think we should remove it.

I think this is still used for semi-obscure pinning purposes. We should probably try to merge that back into the main Release file.

> - I'm torn about how to handle the situation where a Release file is signed,
> but the public key isn't available. On one hand, I don't want to issue a
> warning all the time, because I think it will be a normal situation.

This doesn't seem like a very normal situation - if you don't trust the source, then you don't trust the source, and you should see a warning.

