On Mon, 8 Sep 2003, Matt Zimmerman wrote: > I think the warning during update is superfluous because the user will be > asked for confirmation when installing packages. I might add a source to my > sources.list that I don't generally trust, knowing that apt will ask for > confirmation before installing packages from it. However, I would still get > a warning on every single apt-get update.
Any sort of query during install isn't going to work so well without much bigger changes. Mostly this has to do with the way multiple instances of the same package are handled, the various origins are not uniquified and it cannot retain the md5sum information to figure out what makes sense. So even though it says it's coming from a secure source because one instance is listed as secure it may very well decide to download and verify it from an insecure one. I haven't the faintest clue about how you'd go about fixing this. Basically you have to sign off at update time and you need to ensure your sources.list has what you want then. Jason
