diff options
| author | David Kalnischkies <david@kalnischkies.de> | 2016-03-18 14:46:24 +0100 |
|---|---|---|
| committer | David Kalnischkies <david@kalnischkies.de> | 2016-06-22 14:05:01 +0200 |
| commit | 952ee63b0af14a534c0aca00c11d1a99be6b22b2 (patch) | |
| tree | 098154a03b1616e00289074eda11d4bee72ead8c /doc/apt.conf.5.xml | |
| parent | b1bdfe682054ea6fc202416968c5342d59b403b1 (diff) | |
forbid insecure repositories by default expect in apt-get
With this commit all APT-based clients default to refusing to work with
unsigned or otherwise insufficently secured repositories. In terms of
apt and apt-get this changes nothing, but it effects all tools using
libapt like aptitude, synaptic or packagekit.
The exception remains apt-get for stretch for now as this might break
too many scripts/usecases too quickly.
The documentation is updated and extended to reflect how to opt out or
in on this behaviour change.
Closes: 808367
Diffstat (limited to 'doc/apt.conf.5.xml')
| -rw-r--r-- | doc/apt.conf.5.xml | 29 |
1 files changed, 13 insertions, 16 deletions
diff --git a/doc/apt.conf.5.xml b/doc/apt.conf.5.xml index d71f99c0a..015401605 100644 --- a/doc/apt.conf.5.xml +++ b/doc/apt.conf.5.xml @@ -650,27 +650,24 @@ APT::Compressor::rev { <varlistentry><term><option>AllowInsecureRepositories</option></term> <listitem><para> - Allow the update operation to load data files from - a repository without a trusted signature. If enabled this - option no data files will be loaded and the update - operation fails with a error for this source. The default - is false for backward compatibility. This will be changed - in the future. + Allow update operations to load data files from + repositories without sufficient security information. + The default value is "<literal>false</literal>". + Concept and implications of this are detailed in &apt-secure;. </para></listitem> </varlistentry> <varlistentry><term><option>AllowDowngradeToInsecureRepositories</option></term> <listitem><para> - Allow that a repository that was previously gpg signed to become - unsigned durign a update operation. When there is no valid signature - of a previously trusted repository apt will refuse the update. This - option can be used to override this protection. You almost certainly - never want to enable this. The default is false. - - Note that apt will still consider packages from this source - untrusted and warn about them if you try to install - them. - </para></listitem> + Allow that a repository that was previously gpg signed to become + unsigned during an update operation. When there is no valid signature + for a previously trusted repository apt will refuse the update. This + option can be used to override this protection. You almost certainly + never want to enable this. The default is <literal>false</literal>. + + Note that apt will still consider packages from this source + untrusted and warns about them if you try to install them. + </para></listitem> </varlistentry> <varlistentry><term><option>Changelogs::URI</option> scope</term> |