[Aptitude-devel] APT::Authentication and local sources

Daniel Burrows dburrows at debian.org
Tue Mar 11 14:36:19 UTC 2008

On Tue, Mar 11, 2008 at 11:09:10AM +0100, Sébastien NOBILI <sebnewsletter at free.fr> was heard to say:
> I've found « APT::Authentication::TrustCDROM "true"; » in my apt.conf an
> I'd like to find an equivalent telling APT to trust local sources
> (accessed via « file:/ ») or any other way to indicate that these sources
> can be trusted.

  There doesn't appear to be an equivalent for local sources.  One
could be written in about 5 minutes if you convince the apt development
team it should exist, but I don't know if there are security issues I'm
not thinking of that led them to leave it out.

  The closest open bug I see is #316274, which sounds similar but would
be trickier to implement (or so I suspect).

> I don't want to use « APT::Get::AllowUnauthenticated » as I'm still
> using some online sources.
> First of all, is it the correct place for such a question ? If not,
> could anyone point me to the correct list / website ?
> Second, does anyone have clues / solutions / anything to properly get rid
> of this warning ?

  This isn't the right place; it's a development list for one of the
front-ends to apt.  You should ask on debian-user at lists.debian.org or
on deity at lists.debian.org, or file a wishlist bug on apt (which will be
sent to deity@).

  You could create your own signing key and use "apt-key add" to add it
to the trusted set.  There are instructions on signing an archive in
apt-secure(8).  That would make the errors go away without you having to
wait for the apt team to get around to looking at this.


More information about the Aptitude-devel mailing list