[Aptitude-devel] Bug#679022: does not state domain of unauthenticated/unsigned packages
Richard Betham
richard at betham.org.uk
Mon Jun 25 18:43:14 BST 2012
Package: aptitude
Version: 0.6.7-1
I am testing debian-testing-i386-DVD-1.iso .
I gave command:
aptitude install ttf-dejavu
.
the response included "
The following NEW packages will be installed:
ttf-dejavu ttf-dejavu-extra{a}
0 packages upgraded, 2 newly installed, 0 to remove and 0 not
upgraded.
Need to get 0 B/3530 kB of archives. After unpacking 6795 kB will be
used.
Do you want to continue? [Y/n?]"
I responded "Y
"
It responded
"WARNING: untrusted versions of the following packages will be
installed!...."
It did not tell me where these packages would come from.
I would like to know the domain names of the repositories, and
possibly the dist names BEFORE I decide whether to proceed with the
installation.
In command-line mode, perhaps a list on domain names and 'dists' is
best.
In interactive mode, where aptitude displays a list of unsigned
packages, perhaps it could show the domain name and 'dist' for each
package.
If the packages are on my hard disk drive, or on a CD-ROM in my
computer, then I can make a decision.
If the packages are elsewhere, accessible only over the Internet,
then I require a digital signature.
I had edited the file /etc/apt/sources.list, its contents are:
deb file:///media/cdrom0/ wheezy contrib main
.
If people update their computers over Wi-Fi links, then the digital
signature on the Release package is important.
I have filed a bug report about this as a bug in package 'apt',
Bug#678990 .
However, if 'apt' is altered, then perhaps 'aptitude' should also be
altered.
Thank you very much for maintaining 'aptitude', I find it very
useful.
Best regards
Richard Betham
More information about the Aptitude-devel
mailing list