rename the options, document them and reorder the changelog a bit

4 files changed, 46 insertions, 10 deletions

diff --git a/apt-pkg/indexrecords.cc b/apt-pkg/indexrecords.cc
index cdc2897bf..3bde7437d 100644
--- a/apt-pkg/indexrecords.cc
+++ b/apt-pkg/indexrecords.cc
@@ -104,9 +104,9 @@ bool indexRecords::Load(const string Filename)				/*{{{*/
       }
    }
    // get the user settings for this archive and use what expires earlier
-   int MaxAge = _config->FindI("APT::Acquire::Max-Default-Age", 0);
+   int MaxAge = _config->FindI("Acquire::Max-ValidTime", 0);
    if (Label.empty() == true)
-      MaxAge = _config->FindI(string("APT::Acquire::Max-Default-Age::" + Label).c_str(), MaxAge);
+      MaxAge = _config->FindI(string("Acquire::Max-ValidTime::" + Label).c_str(), MaxAge);
 
    if(MaxAge == 0) // No user settings, use the one from the Release file
       return true;
diff --git a/debian/changelog b/debian/changelog
index 049999230..c3f7a3e25 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,10 +1,25 @@
-apt (0.7.26~exp5) experimental; urgency=low
+apt (0.7.26~exp6) UNRELEASED; urgency=low
 
   [ David Kalnischkies ]
+  * doc/apt.conf.5.xml:
+    - document the new Valid-Until related options
   * apt-pkg/indexrecords.cc:
     - backport forgotten Valid-Until patch from the obsolete experimental
       branch to prevent replay attacks better, thanks to Thomas Viehmann
       for the initial patch! (Closes: #499897)
+  * apt-pkg/contrib/strutl.cc:
+    - split StrToTime() into HTTP1.1 and FTP date parser methods and
+      use strptime() instead of some self-made scanf mangling
+    - use the portable timegm shown in his manpage instead of a strange
+      looking code copycat from wget
+  * ftparchive/writer.cc:
+    - add ValidTime option to generate a Valid-Until header in Release file
+
+ -- David Kalnischkies <kalnischkies@gmail.com>  Wed, 09 Jun 2010 10:43:58 +0200
+
+apt (0.7.26~exp5) experimental; urgency=low
+
+  [ David Kalnischkies ]
   * cmdline/apt-get.cc:
     - rerun dpkg-source in source if --fix-broken is given (Closes: #576752)
     - don't suggest held packages as they are installed (Closes: #578135)
@@ -44,13 +59,6 @@ apt (0.7.26~exp5) experimental; urgency=low
     - add 'disappear' to the known processing states, thanks Jonathan Nieder
   * apt-pkg/packagemanager.h:
     - export info about disappeared packages with GetDisappearedPackages()
-  * apt-pkg/contrib/strutl.cc:
-    - split StrToTime() into HTTP1.1 and FTP date parser methods and
-      use strptime() instead of some selfmade scanf mangling
-    - use the portable timegm shown in his manpage instead of a strange
-      looking code copycat from wget
-  * ftparchive/writer.cc:
-    - add ValidTime option to generate a Valid-Until header in Release file
 
   [ Michael Vogt ]
   * methods/http.{cc,h}:
diff --git a/doc/apt.conf.5.xml b/doc/apt.conf.5.xml
index fe005e0f1..0cf4bb663 100644
--- a/doc/apt.conf.5.xml
+++ b/doc/apt.conf.5.xml
@@ -230,6 +230,30 @@ DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt";};
    and the URI handlers. 
 
    <variablelist>
+     <varlistentry><term>Check-Valid-Until</term>
+	 <listitem><para>Security related option defaulting to true as an
+	 expiring validation for a Release file prevents longtime replay attacks
+	 and can e.g. also help users to identify no longer updated mirrors -
+	 but the feature depends on the correctness of the time on the user system.
+	 Archive maintainers are encouraged to create Release files with the
+	 <literal>Valid-Until</literal> header, but if they don't or a stricter value
+	 is volitional the following <literal>Max-ValidTime</literal> option can be used.
+	 </para></listitem>
+     </varlistentry>
+
+     <varlistentry><term>Max-ValidTime</term>
+	 <listitem><para>Seconds the Release file should be considered valid after
+	 it was created. The default is "for ever" (0) if the Release file of the
+	 archive doesn't include a <literal>Valid-Until</literal> header.
+	 If it does then this date is the default. The date from the Release file or
+	 the date specified by the creation time of the Release file
+	 (<literal>Date</literal> header) plus the seconds specified with this
+	 options are used to check if the validation of a file has expired by using
+	 the earlier date of the two. Archive specific settings can be made by
+	 appending the label of the archive to the option name.
+	 </para></listitem>
+     </varlistentry>
+
      <varlistentry><term>PDiffs</term>
 	 <listitem><para>Try to download deltas called <literal>PDiffs</literal> for
 	 Packages or Sources files instead of downloading whole ones. True
diff --git a/doc/examples/configure-index b/doc/examples/configure-index
index d168417d8..127feb9e9 100644
--- a/doc/examples/configure-index
+++ b/doc/examples/configure-index
@@ -176,6 +176,10 @@ Acquire
   PDiffs::SizeLimit "50"; // don't use diffs if size of all patches excess
 			  // 50% of the size of the original file
 
+  Check-Valid-Until "true";
+  Max-ValidTime "864000"; // 10 days
+  Max-ValidTime::Debian-Security "604800"; // 7 days, label specific configuration
+
   // HTTP method configuration
   http 
   {