On Wed, Dec 31, 2003 at 02:12:22AM -0800, Ryan Murray wrote: > Package: apt > Version: 0.6.6 > Severity: important > Tag: experimental > > CheckAuth checks if APT::Get::Assume-Yes is true to bypass the check. > This is problematic for build daemons, where you don't want to allow > package statuses to be changed unless requested by the buildd (what > APT::Get::Assume-Yes only did before the secure patch), but you do > want to allow unauthenticated packages. A seperate config variable should > be used for this. APT::Get::AllowUnauthenticated or so?
Actually, the test works the other way around. If Assume-Yes is set, unauthenticated packages are rejected (fail safe). It assumes "Yes" to the prompt, which asks whether to abort. mizar:[~/src/deb/mine/cvs/apt/po] sudo apt-get -y install hello-debhelper Reading Package Lists... Done Building Dependency Tree... Done The following NEW packages will be installed: hello-debhelper 0 upgraded, 1 newly installed, 0 to remove and 14 not upgraded. Need to get 49.4kB of archives. After unpacking 483kB of additional disk space will be used. WARNING: The following packages cannot be securely authenticated! hello-debhelper Aborted. There is currently no way to bypass this check at all. I'll add one in 0.6.8. -- - mdz
