forbid insecure repositories by default expect in apt-get

With this commit all APT-based clients default to refusing to work with unsigned or otherwise insufficently secured repositories. In terms of apt and apt-get this changes nothing, but it effects all tools using libapt like aptitude, synaptic or packagekit. The exception remains apt-get for stretch for now as this might break too many scripts/usecases too quickly. The documentation is updated and extended to reflect how to opt out or in on this behaviour change. Closes: 808367
author: David Kalnischkies <david@kalnischkies.de> 2016-03-18 14:46:24 +0100
committer: David Kalnischkies <david@kalnischkies.de> 2016-06-22 14:05:01 +0200
commit: 952ee63b0af14a534c0aca00c11d1a99be6b22b2 (patch)
tree: 098154a03b1616e00289074eda11d4bee72ead8c /apt-pkg/init.cc
parent: b1bdfe682054ea6fc202416968c5342d59b403b1 (diff)
1 files changed, 1 insertions, 4 deletions
diff --git a/apt-pkg/init.cc b/apt-pkg/init.cc
index a41d604d3..c77e8e2fe 100644
--- a/apt-pkg/init.cc
+++ b/apt-pkg/init.cc
@@ -86,10 +86,7 @@ bool pkgInitConfig(Configuration &Cnf)
    Cnf.Set("Dir::Ignore-Files-Silently::", "\\.distUpgrade$");
 
    // Repository security
-   // FIXME: this is set to "true" for backward compatibility, once
-   //        jessie is out we want to change this to "false" to
-   //        improve security
-   Cnf.CndSet("Acquire::AllowInsecureRepositories", true);
+   Cnf.CndSet("Acquire::AllowInsecureRepositories", false);
    Cnf.CndSet("Acquire::AllowDowngradeToInsecureRepositories", false);
 
    // Default cdrom mount point
author	David Kalnischkies <david@kalnischkies.de>	2016-03-18 14:46:24 +0100
committer	David Kalnischkies <david@kalnischkies.de>	2016-06-22 14:05:01 +0200
commit	952ee63b0af14a534c0aca00c11d1a99be6b22b2 (patch)
tree	098154a03b1616e00289074eda11d4bee72ead8c /apt-pkg/init.cc
parent	b1bdfe682054ea6fc202416968c5342d59b403b1 (diff)