summaryrefslogtreecommitdiff
path: root/apt-pkg/contrib/hashsum.cc
diff options
context:
space:
mode:
authorMichael Vogt <mvo@debian.org>2014-09-26 20:59:31 +0200
committerMichael Vogt <mvo@debian.org>2014-09-26 22:27:54 +0200
commit631a7dc7906a10ccd5f14dcfe42224e6107e11f6 (patch)
tree0068d6d431c194dee5d8a46d98ec7030e928364a /apt-pkg/contrib/hashsum.cc
parentc4ffa0428b617cd844f0f9dfd5d16ae0553675ac (diff)
Do not allow going from authenticated to unauthenticated repo
Also rework the way we load the Release file, so it only after Release.gpg verified the Release file. The rational is that we never want to load untrusted data into our parsers. Only stuff verified with gpg or by its hashes get loaded. To load untrusted data you now need to use apt-get update --allow-unauthenticated.
Diffstat (limited to 'apt-pkg/contrib/hashsum.cc')
0 files changed, 0 insertions, 0 deletions