Bug#679022: does not state domain of unauthenticated/unsigned packages
On 27 June 2012 00:11, Richard Betham rich...@betham.org.uk wrote: I have copied the directory trees /media/cdrom0/pool , and /media/cdrom0/dists to a new directory /wheezy/. I have altered /etc/apt/sources.list to: deb file:///wheezy/ wheezy contrib main I am testing debian-testing-i386-DVD-1.iso . A wheezy cd image here has no Release.gpg or InRelease files required for verification. If your image is similar and you do trust it, sources.list can be altered to indicate this: deb [ trusted=yes ] file:///wheezy/ wheezy contrib main I would like to know where unsigned-for packages are before I decide whether to install. Noted. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#679022: does not state domain of unauthenticated/unsigned packages
Thank you very much for your e-mail. If only I had used: man sources.list and searched for 'trust', then I need not have troubled you. Very best regards Richard Betham On Wednesday 27 June 2012 08:26:16 Daniel Hartwig wrote: On 27 June 2012 00:11, Richard Betham rich...@betham.org.uk wrote: I have copied the directory trees /media/cdrom0/pool , and /media/cdrom0/dists to a new directory /wheezy/. I have altered /etc/apt/sources.list to: deb file:///wheezy/ wheezy contrib main I am testing debian-testing-i386-DVD-1.iso . A wheezy cd image here has no Release.gpg or InRelease files required for verification. If your image is similar and you do trust it, sources.list can be altered to indicate this: deb [ trusted=yes ] file:///wheezy/ wheezy contrib main I would like to know where unsigned-for packages are before I decide whether to install. Noted. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#679022: does not state domain of unauthenticated/unsigned packages
I have copied the directory trees /media/cdrom0/pool , and /media/cdrom0/dists to a new directory /wheezy/. I have altered /etc/apt/sources.list to: deb file:///wheezy/ wheezy contrib main . Then I gave command : aptitude install ttf-dejavu . It gave the same result as before. It failed to state that these packages were in my machine. I would like to know where unsigned-for packages are before I decide whether to install. Best Regards Richard Betham On Tuesday 26 June 2012 03:08:34 Daniel Hartwig wrote: On 26 June 2012 01:43, Richard Betham rich...@betham.org.uk wrote: WARNING: untrusted versions of the following packages will be installed! I had edited the file /etc/apt/sources.list, its contents are: deb file:///media/cdrom0/ wheezy contrib main . Such sources should be configured by apt-cdrom(8); if you do so then you should not receive the warning. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#679022: does not state domain of unauthenticated/unsigned packages
Package: aptitude
Version: 0.6.7-1
I am testing debian-testing-i386-DVD-1.iso .
I gave command:
aptitude install ttf-dejavu
.
the response included
The following NEW packages will be installed:
ttf-dejavu ttf-dejavu-extra{a}
0 packages upgraded, 2 newly installed, 0 to remove and 0 not
upgraded.
Need to get 0 B/3530 kB of archives. After unpacking 6795 kB will be
used.
Do you want to continue? [Y/n?]
I responded Y
It responded
WARNING: untrusted versions of the following packages will be
installed!
It did not tell me where these packages would come from.
I would like to know the domain names of the repositories, and
possibly the dist names BEFORE I decide whether to proceed with the
installation.
In command-line mode, perhaps a list on domain names and 'dists' is
best.
In interactive mode, where aptitude displays a list of unsigned
packages, perhaps it could show the domain name and 'dist' for each
package.
If the packages are on my hard disk drive, or on a CD-ROM in my
computer, then I can make a decision.
If the packages are elsewhere, accessible only over the Internet,
then I require a digital signature.
I had edited the file /etc/apt/sources.list, its contents are:
debfile:///media/cdrom0/ wheezy contrib main
.
If people update their computers over Wi-Fi links, then the digital
signature on the Release package is important.
I have filed a bug report about this as a bug in package 'apt',
Bug#678990 .
However, if 'apt' is altered, then perhaps 'aptitude' should also be
altered.
Thank you very much for maintaining 'aptitude', I find it very
useful.
Best regards
Richard Betham
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#679022: does not state domain of unauthenticated/unsigned packages
On 26 June 2012 01:43, Richard Betham rich...@betham.org.uk wrote: WARNING: untrusted versions of the following packages will be installed! I had edited the file /etc/apt/sources.list, its contents are: deb file:///media/cdrom0/ wheezy contrib main . Such sources should be configured by apt-cdrom(8); if you do so then you should not receive the warning. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
