diff options
author | David Kalnischkies <david@kalnischkies.de> | 2017-11-22 13:42:31 +0100 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2017-12-13 23:51:57 +0100 |
commit | 197c53951430bcb267ddd6e398439a8a5d9a83ad (patch) | |
tree | 09b3e95837d8942c369c29a7046bff8c7afdab64 /apt-inst/contrib/extracttar.h | |
parent | b85851e510bdf13cef770981f76a403bc20b12da (diff) |
if insecure repo is allowed continue on all http errors
If a InRelease file fails to download with a non-404 error
we assumed there is some general problem with repository like
a webportal or your are blocked from access (wrong auth, Tor, …).
Turns out some server like S3 return 403 if a file doesn't exist.
Allowing this in general seems like a step backwards as 403 is a
reasonable response if auth failed, so failing here seems better
than letting those users run into problems.
What we can do is show our insecure warnings through and allow the
failures for insecure repos: If the repo is signed it is easy to add
an InRelease file and if not you are setup for trouble anyhow.
References: cbbf185c3c55effe47f218a07e7b1f324973a8a6
Diffstat (limited to 'apt-inst/contrib/extracttar.h')
0 files changed, 0 insertions, 0 deletions