I am the originator of this bug report. I have since found out what is going on here. You can read all about it here: http://www.ckintl.biz/index.php?id=62 & http://www.debianhelp.org/node/7985
Basically this behavior is a by-product of the newish "secure apt". If a package is found in more then one archive, some signed and some unsigned, then default behavior is to go with the signed archives and ignore the unsigned archives. This is probably a good thing. My local archive is not signed, therefore it is not used. To over-ride this default behavior, I just added APT::Get::AllowUnauthenticated "true"; to /etc/apt/apt.conf on my client machines, and now my local Debian archive server is working, with the appropriate "packages cannot be authenticated" warning. I believe apt is working as designed, and this bug report should be treated as a documentation bug report to make this behavior known in APT's docs. Clayton -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]