Re: Archive of squeeze-lts ?
Hi, just stumbled upon this old discussion and have to add my 2 cents: On 03/29/2016 12:04 AM, Antoine Beaupré wrote: > I'm seeing this when trying to fetch lts packages from archive.debian.org at the moment. Anyone know a good contact for them? E: Release file expired, ignoring http://archive.debian.org/debian/dists/squeeze-lts/Release (invalid since 9d 1h 10min 4s) > The key did not expire. It's the "Valid-Until" date set in the (signed with a non-expired key) Release file that elapsed... and this is exactly its purpose. sqeeze-lts is the only repository on archive.d.o that behaves like that. Neither squeeze nor squeeze-backports nor squeeze-security do nor anything really 'historic'. AFAICT squeeze-lts is the only repository implementing this flag at all. Is that correct? Let you know when you don't have the latest version and right now there's no "latest version" any more since the release is no longer maintained. Don't you think that people explicitly fetching packages from archive.d.o are well aware that these are not supported any more? Their apt config had already been broken when squeeze(-*) has been removed from ftp.d.o. That should be warning enough. Putting 'Acquire::Check-Valid-Until "false";' in apt.conf (and eventually keeping that after Wheezy upgrade) is not really a recommendable solution. After all this flag affects all sources. Have a nice weekend, Christopher
Re: Archive of squeeze-lts ?
On Thu, 24 Mar 2016, Luke Hall wrote: I'm seeing this when trying to fetch lts packages from archive.debian.org at the moment. Anyone know a good contact for them? E: Release file expired, ignoring http://archive.debian.org/debian/dists/squeeze-lts/Release (invalid since 9d 1h 10min 4s) On 24.03.16 17:43, Alexander Wirt wrote: Thats expected and won't change. Time to upgrade. On 2016-03-27 15:01:01, Matus UHLAR - fantomas wrote: some time ago I have upgraded few lenny hosts (on private networks) from achive to latest lenny available, without error message of this kind. Happily works before I'm able to transfer services to new installation. I would like to do the same with squeeze withoud need to manually avoid the apt warnings... On 28.03.16 18:04, Antoine Beaupré wrote: Unfortunately, this won't be possible. They key expired and, since squeeze was archived, it is not possible (or at least, really inconvenient and unusal) to renew that key. funny, I was able to do the above with expired key, from archive.d.o. the archive key was expired, the only difference was release file not expired... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I'm not interested in your website anymore. If you need cookies, bake them yourself.
Re: Archive of squeeze-lts ?
On Mon, 28 Mar 2016, Antoine Beaupré wrote: > > some time ago I have upgraded few lenny hosts (on private networks) from > > achive to latest lenny available, without error message of this kind. > > Happily works before I'm able to transfer services to new installation. > > > > I would like to do the same with squeeze withoud need to manually avoid the > > apt warnings... > > Unfortunately, this won't be possible. They key expired and, since > squeeze was archived, it is not possible (or at least, really > inconvenient and unusal) to renew that key. The key did not expire. It's the "Valid-Until" date set in the (signed with a non-expired key) Release file that elapsed... and this is exactly its purpose. Let you know when you don't have the latest version and right now there's no "latest version" any more since the release is no longer maintained. Lenny did not have that feature so you were subject to replay attacks (showing you an old mirror with known security vulnerabilities). Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/
Re: Archive of squeeze-lts ?
On 2016-03-27 15:01:01, Matus UHLAR - fantomas wrote: >>On Thu, 24 Mar 2016, Luke Hall wrote: >>> I'm seeing this when trying to fetch lts packages from >>> archive.debian.org at the moment. Anyone know a good contact for them? >>> >>> E: Release file expired, ignoring >>> http://archive.debian.org/debian/dists/squeeze-lts/Release (invalid >>> since 9d 1h 10min 4s) > > On 24.03.16 17:43, Alexander Wirt wrote: >>Thats expected and won't change. Time to upgrade. > > some time ago I have upgraded few lenny hosts (on private networks) from > achive to latest lenny available, without error message of this kind. > Happily works before I'm able to transfer services to new installation. > > I would like to do the same with squeeze withoud need to manually avoid the > apt warnings... Unfortunately, this won't be possible. They key expired and, since squeeze was archived, it is not possible (or at least, really inconvenient and unusal) to renew that key. A. -- Every one of us is, in the cosmic perspective, precious. If a human disagrees with you, let him live. In a hundred billion galaxies, you will not find another. - Carl Sagan
Re: Archive of squeeze-lts ?
On Thu, 24 Mar 2016, Luke Hall wrote: I'm seeing this when trying to fetch lts packages from archive.debian.org at the moment. Anyone know a good contact for them? E: Release file expired, ignoring http://archive.debian.org/debian/dists/squeeze-lts/Release (invalid since 9d 1h 10min 4s) On 24.03.16 17:43, Alexander Wirt wrote: Thats expected and won't change. Time to upgrade. some time ago I have upgraded few lenny hosts (on private networks) from achive to latest lenny available, without error message of this kind. Happily works before I'm able to transfer services to new installation. I would like to do the same with squeeze withoud need to manually avoid the apt warnings... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. - Have you got anything without Spam in it? - Well, there's Spam egg sausage and Spam, that's not got much Spam in it.
Re: teaching people to ignore warnings is bad (Re: Archive of squeeze-lts ?)
Hi, Am 25.03.2016 um 00:26 schrieb Holger Levsen: > Hi, > > On Thu, Mar 24, 2016 at 07:26:22PM +0100, Markus Koschany wrote: >> squeeze-lts has been archived on archive.debian.org. The warning is >> valid and it reminds people that the support for Squeeze has ended. >> >> If you want to ignore this warning you can use the following apt-get option: > [...] >> However Alexander is absolutely right, our recommendation is to upgrade >> to a supported version either Wheezy or Jessie. > > I'm really not sure that teaching people to ignore apt warnings is the > best way to tell them that they need to upgrade. IMO this is mixing two > topics, in a bad way. That was surely not my intention and I think I made it clear what the best course of action is. This is rather misinterpreting my intent. I also don't see any harm in mentioning (not teaching, not recommending) an apt option which is well documented in man apt.conf. Everyone should know that to ignore warnings may have consequences. Nevertheless everyone should also have the right to evaluate this for oneself. > At least I would have appreciated if the signing key would have been > valid a bit longer, maybe 2-4 weeks, so people have some more time to > safely do upgrades. That's a good suggestion and we should keep that in mind and talk to the ftp team next time. I will document this as an improvement suggestion on https://wiki.debian.org/LTS/Development, if there are no objections. > For announcing that people should upgrade we do have several channels, > be it mailinglists or our bits of Debian news blog as well as > www.debian.org. I think we meticulously announced this at least twice https://www.debian.org/News/2016/20160212 https://lists.debian.org/debian-lts-announce/2016/03/msg0.html and we have already announced the EOL date for Wheezy-LTS. What else can we do? > Also, we moved the suite from ftp.d.o to archive.d.o, so people do need > to change their sources.list… this alone should also make it clear > enough that squeeze is, well, archived. Right. Regards, Markus signature.asc Description: OpenPGP digital signature
teaching people to ignore warnings is bad (Re: Archive of squeeze-lts ?)
Hi, On Thu, Mar 24, 2016 at 07:26:22PM +0100, Markus Koschany wrote: > squeeze-lts has been archived on archive.debian.org. The warning is > valid and it reminds people that the support for Squeeze has ended. > > If you want to ignore this warning you can use the following apt-get option: [...] > However Alexander is absolutely right, our recommendation is to upgrade > to a supported version either Wheezy or Jessie. I'm really not sure that teaching people to ignore apt warnings is the best way to tell them that they need to upgrade. IMO this is mixing two topics, in a bad way. At least I would have appreciated if the signing key would have been valid a bit longer, maybe 2-4 weeks, so people have some more time to safely do upgrades. For announcing that people should upgrade we do have several channels, be it mailinglists or our bits of Debian news blog as well as www.debian.org. Also, we moved the suite from ftp.d.o to archive.d.o, so people do need to change their sources.list… this alone should also make it clear enough that squeeze is, well, archived. Maybe something to reconsider for when wheezy will be archived… -- cheers, Holger signature.asc Description: Digital signature
Re: Archive of squeeze-lts ?
On 2016-03-24 13:59:34, Johnathon Tinsley wrote: >>> >>> I'm seeing this when trying to fetch lts packages from >>> archive.debian.org at the moment. Anyone know a good contact for them? >>> >>> E: Release file expired, ignoring >>> http://archive.debian.org/debian/dists/squeeze-lts/Release (invalid >>> since 9d 1h 10min 4s) >> Thats expected and won't change. Time to upgrade. > > So.. you're dumping all of the work the squeeze-lts team did, rather > than archiving it? How is that fair on the contributors, or the sponsors? Hm... the archive is there, the key just expired. Not sure what the archive.debian.org people can do about this. > Assuming someone *has* to use squeeze for some reason, this'll give them > that many more security vulnerabilities over just even the old > squeeze-lts archive? It will give them the old squeeze-lts archive, provided they ignore he security warning somehow. I *think* there is a way to do that in Apt. A. -- C'est trop facile quand les guerres sont finies D'aller gueuler que c'était la dernière Amis bourgeois vous me faites envie Ne voyez vous pas donc point vos cimetières? - Jaques Brel
Re: Archive of squeeze-lts ?
Am 24.03.2016 um 18:59 schrieb Johnathon Tinsley: >>> >>> I'm seeing this when trying to fetch lts packages from >>> archive.debian.org at the moment. Anyone know a good contact for them? >>> >>> E: Release file expired, ignoring >>> http://archive.debian.org/debian/dists/squeeze-lts/Release (invalid >>> since 9d 1h 10min 4s) >> Thats expected and won't change. Time to upgrade. >> > > So.. you're dumping all of the work the squeeze-lts team did, rather > than archiving it? How is that fair on the contributors, or the sponsors? > > Assuming someone *has* to use squeeze for some reason, this'll give them > that many more security vulnerabilities over just even the old > squeeze-lts archive? squeeze-lts has been archived on archive.debian.org. The warning is valid and it reminds people that the support for Squeeze has ended. If you want to ignore this warning you can use the following apt-get option: -o Acquire::Check-Valid-Until=false sudo apt-get -o Acquire::Check-Valid-Until=false update However Alexander is absolutely right, our recommendation is to upgrade to a supported version either Wheezy or Jessie. Regards, Markus signature.asc Description: OpenPGP digital signature
Re: Archive of squeeze-lts ?
>> I'm seeing this when trying to fetch lts packages from >> archive.debian.org at the moment. Anyone know a good contact for them? >> >> E: Release file expired, ignoring >> http://archive.debian.org/debian/dists/squeeze-lts/Release (invalid >> since 9d 1h 10min 4s) > Thats expected and won't change. Time to upgrade. Fair enough :) Thanks guys. signature.asc Description: OpenPGP digital signature
Re: Archive of squeeze-lts ?
On Thu, 24 Mar 2016, Luke Hall wrote: > Hi, > > I'm seeing this when trying to fetch lts packages from > archive.debian.org at the moment. Anyone know a good contact for them? > > E: Release file expired, ignoring > http://archive.debian.org/debian/dists/squeeze-lts/Release (invalid > since 9d 1h 10min 4s) Thats expected and won't change. Time to upgrade. Alex signature.asc Description: PGP signature
Re: Archive of squeeze-lts ?
Hi, I'm seeing this when trying to fetch lts packages from archive.debian.org at the moment. Anyone know a good contact for them? E: Release file expired, ignoring http://archive.debian.org/debian/dists/squeeze-lts/Release (invalid since 9d 1h 10min 4s) On 10/03/16 18:22, Chris Lamb wrote: > Hi Marc, > >> I am under the impression that most mirrors, in the world, have >> emptied their squeeze-lts mirror. If yes, where can the files >> be found ? > > archive.debian.org :) > > > Best wishes, > signature.asc Description: OpenPGP digital signature
Re: Archive of squeeze-lts ?
Hi Marc, > I am under the impression that most mirrors, in the world, have > emptied their squeeze-lts mirror. If yes, where can the files > be found ? archive.debian.org :) Best wishes, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Archive of squeeze-lts ?
Hello, I am under the impression that most mirrors, in the world, have emptied their squeeze-lts mirror. If yes, where can the files be found ? Thank you.
