[Aptitude-devel] Bug#706183: Bug#706183: "WARNING: untrusted versions of the following packages will be installe vague

Daniel Hartwig mandyke at gmail.com
Fri Apr 26 03:01:57 UTC 2013


On 25 April 2013 21:16, Nomen Nescio <nobody at dizum.com> wrote:
> Package: aptitude
> Version: 0.6.3-3.2+squeeze1
> Severity: wishlist
>
> The following warning is too vague:
>
> vague warning> WARNING: untrusted versions of the following packages will be installed!
> vague warning>
> vague warning> Untrusted packages could compromise your system's security.
> vague warning> You should only proceed with the installation if you are certain that
> vague warning> this is what you want to do.
> vague warning>
> vague warning>   libswscale0 libavutil50 libdrm-radeon1 libdrm2 libvpx0 libdrm-intel1 libpostproc51
> vague warning>
> vague warning> Do you want to ignore this warning and proceed anyway?
>
> Why is it untrusted?  Are the keys missing from the user's keyring?
> Are the keys present, but expired? Are the packages signed or
> unsigned?
>

What difference does the distinction make?  If the key is not present,
valid, and the packages signed, they are untrusted.

This general warning is sufficient to alert the local admin to a
problem, which they can investigate.  It is not expected to be common,
and if the warning persists then the system is misconfigured.

The alternative is to group the untrusted packages by the one or
multiple underlying causes, which may involve e.g. multiple different
expired keys.  Now that is a long-winded and complex dialog, with very
little benefit as it is trivial to investigate the cause outside of
aptitude.
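
[Added example, not part of the original message and not aptitude or apt code.] A sketch of the investigation outside aptitude that the reply refers to: it groups untrusted archives by cause from the status lines that `gpgv --status-fd 1 --keyring /etc/apt/trusted.gpg <list>_Release.gpg <list>_Release` prints for each Release file. The archive names and key IDs are constructed, and treating one GOODSIG as sufficient is a simplifying assumption.

```python
from collections import defaultdict

# gpgv --status-fd keywords mapped to the causes asked about in the report.
CAUSES = {
    "NO_PUBKEY": "key missing from keyring",
    "EXPKEYSIG": "key present but expired",
    "REVKEYSIG": "key present but revoked",
    "EXPSIG": "signature expired",
    "BADSIG": "signature does not match Release file",
}

def classify(status_text):
    """Return (trusted, [(cause, keyid), ...]) from gpgv status output.
    None means no Release.gpg. Assumption: one GOODSIG suffices."""
    if status_text is None:
        return False, [("unsigned (no Release.gpg)", None)]
    good, problems = False, []
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != "[GNUPG:]":
            continue
        if parts[1] == "GOODSIG":
            good = True
        elif parts[1] in CAUSES:
            problems.append((CAUSES[parts[1]], parts[2]))
    if not good and not problems:
        problems.append(("no usable signature", None))
    return good, problems

def group_by_cause(archives):
    """Map cause -> [(archive, keyid)] for every untrusted archive."""
    grouped = defaultdict(list)
    for name, status in archives.items():
        trusted, problems = classify(status)
        if not trusted:
            for cause, keyid in problems:
                grouped[cause].append((name, keyid))
    return dict(grouped)

# Constructed sample: archive names and key IDs are made up.
SAMPLE = {
    "main.example.org_dists_squeeze": "[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Example Key\n",
    "media.example.org_dists_squeeze": "[GNUPG:] NO_PUBKEY BBBBBBBBBBBBBBBB\n",
    "old.example.org_dists_squeeze": "[GNUPG:] EXPKEYSIG CCCCCCCCCCCCCCCC Old Key\n"
                                     "[GNUPG:] NO_PUBKEY BBBBBBBBBBBBBBBB\n",
    "local.example.org_dists_squeeze": None,
}
```

An archive with several signatures can appear under more than one cause, which is the multi-cause grouping the reply describes.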


