16 files changed, 1075 insertions, 336 deletions
diff --git a/doc/apt-ftparchive.1.xml b/doc/apt-ftparchive.1.xml
index b0bf01b89..c9e5ba28e 100644
--- a/doc/apt-ftparchive.1.xml
+++ b/doc/apt-ftparchive.1.xml
@@ -14,7 +14,7 @@
    &apt-email;
    &apt-product;
    <!-- The last update date -->
-   <date>2016-05-27T00:00:00Z</date>
+   <date>2016-06-11T00:00:00Z</date>
  </refentryinfo>
  
  <refmeta>
diff --git a/doc/apt-get.8.xml b/doc/apt-get.8.xml
index 8fc6cc26d..e1cdbc3cf 100644
--- a/doc/apt-get.8.xml
+++ b/doc/apt-get.8.xml
@@ -14,7 +14,7 @@
    &apt-email;
    &apt-product;
    <!-- The last update date -->
-   <date>2016-05-16T00:00:00Z</date>
+   <date>2016-03-18T00:00:00Z</date>
  </refentryinfo>
  
  <refmeta>
diff --git a/doc/apt-secure.8.xml b/doc/apt-secure.8.xml
index 79bb86a0f..491c40f62 100644
--- a/doc/apt-secure.8.xml
+++ b/doc/apt-secure.8.xml
@@ -13,7 +13,7 @@
    &apt-email;
    &apt-product;
    <!-- The last update date -->
-   <date>2016-03-18T00:00:00Z</date>
+   <date>2016-06-20T00:00:00Z</date>
  </refentryinfo>
 
  <refmeta>
diff --git a/doc/apt-verbatim.ent b/doc/apt-verbatim.ent
index 623505d11..d9c9c0f06 100644
--- a/doc/apt-verbatim.ent
+++ b/doc/apt-verbatim.ent
@@ -239,7 +239,7 @@
 ">
 
 <!-- this will be updated by 'prepare-release' -->
-<!ENTITY apt-product-version "1.3~exp2">
+<!ENTITY apt-product-version "1.3~exp3">
 
 <!-- (Code)names for various things used all over the place -->
 <!ENTITY debian-oldstable-codename "wheezy">
diff --git a/doc/apt.conf.5.xml b/doc/apt.conf.5.xml
index dfdd0eabf..23ff061f0 100644
--- a/doc/apt.conf.5.xml
+++ b/doc/apt.conf.5.xml
@@ -19,7 +19,7 @@
    &apt-email;
    &apt-product;
    <!-- The last update date -->
-   <date>2016-05-27T00:00:00Z</date>
+   <date>2016-06-20T00:00:00Z</date>
  </refentryinfo>
  
  <refmeta>
diff --git a/doc/po/apt-doc.pot b/doc/po/apt-doc.pot
index cc9f4acc9..09954b442 100644
--- a/doc/po/apt-doc.pot
+++ b/doc/po/apt-doc.pot
@@ -5,9 +5,9 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: apt-doc 1.3~exp2\n"
+"Project-Id-Version: apt-doc 1.3~exp3\n"
 "Report-Msgid-Bugs-To: APT Development Team <deity@lists.debian.org>\n"
-"POT-Creation-Date: 2016-06-11 17:24+0200\n"
+"POT-Creation-Date: 2016-06-22 14:50+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -1398,8 +1398,9 @@ msgstr ""
 #: apt-get.8.xml:1
 msgid ""
 "Forbid the update command to acquire unverifiable data from configured "
-"sources. Apt will fail at the update command for repositories without valid "
-"cryptographically signatures.  Configuration Item: "
+"sources. APT will fail at the update command for repositories without valid "
+"cryptographically signatures. See also &apt-secure; for details on the "
+"concept and the implications.  Configuration Item: "
 "<literal>Acquire::AllowInsecureRepositories</literal>."
 msgstr ""
 
@@ -2157,27 +2158,59 @@ msgid ""
 "Starting with version 0.6, <command>APT</command> contains code that does "
 "signature checking of the Release file for all repositories. This ensures "
 "that data like packages in the archive can't be modified by people who have "
-"no access to the Release file signing key."
+"no access to the Release file signing key. Starting with version 1.1 "
+"<command>APT</command> requires repositories to provide recent "
+"authentication information for unimpeded usage of the repository."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><para>
 #: apt-secure.8.xml:1
 msgid ""
 "If an archive has an unsigned Release file or no Release file at all current "
-"APT versions will raise a warning in <command>update</command> operations "
-"and front-ends like <command>apt-get</command> will require explicit "
-"confirmation if an installation request includes a package from such an "
-"unauthenticated archive."
+"APT versions will refuse to download data from them by default in "
+"<command>update</command> operations and even if forced to download "
+"front-ends like &apt-get; will require explicit confirmation if an "
+"installation request includes a package from such an unauthenticated "
+"archive."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><para>
 #: apt-secure.8.xml:1
 msgid ""
-"In the future APT will refuse to work with unauthenticated repositories by "
-"default until support for them is removed entirely. Users have the option to "
-"opt-in to this behavior already by setting the configuration option "
-"<option>Acquire::AllowInsecureRepositories</option> to "
-"<literal>false</literal>."
+"As a temporary exception &apt-get; (not &apt;!) raises warnings only if it "
+"encounters unauthenticated archives to give a slightly longer grace period "
+"on this backward compatibility effecting change. This exception will be "
+"removed in future releases and you can opt-out of this grace period by "
+"setting the configuration option "
+"<option>Binary::apt-get::Acquire::AllowInsecureRepositories</option> to "
+"<literal>false</literal> or "
+"<option>--no-allow-insecure-repositories</option> on the command line."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para>
+#: apt-secure.8.xml:1
+msgid ""
+"You can force all APT clients to raise only warnings by setting the "
+"configuration option <option>Acquire::AllowInsecureRepositories</option> to "
+"<literal>true</literal>. Individual repositories can also be allowed to be "
+"insecure via the &sources-list; option "
+"<literal>allow-insecure=yes</literal>.  Note that insecure repositories are "
+"strongly discouraged and all options to force apt to continue supporting "
+"them will eventually be removed.  Users also have the "
+"<option>Trusted</option> option available to disable even the warnings, but "
+"be sure to understand the implications as detailed in &sources-list;."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para>
+#: apt-secure.8.xml:1
+msgid ""
+"A repository which previously was authentication but would loose this state "
+"in an <command>update</command> operation raises an error in all APT clients "
+"irrespective of the option to allow or forbid usage of insecure "
+"repositories.  The error can be overcome by additionally setting "
+"<option>Acquire::AllowDowngradeToInsecureRepositories</option> to "
+"<literal>true</literal> or for Individual repositories with the "
+"&sources-list; option <literal>allow-downgrade-to-insecure=yes</literal>."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><para>
@@ -3195,13 +3228,17 @@ msgstr ""
 #: apt.conf.5.xml:1
 msgid ""
 "<literal>Acquire::http::Proxy-Auto-Detect</literal> can be used to specify "
-"an external command to discover the http proxy to use. Apt expects the "
-"command to output the proxy on stdout in the style "
-"<literal>http://proxy:port/</literal>. This will override the generic "
-"<literal>Acquire::http::Proxy</literal> but not any specific host proxy "
-"configuration set via <literal>Acquire::http::Proxy::$HOST</literal>.  See "
-"the &squid-deb-proxy-client; package for an example implementation that uses "
-"avahi. This option takes precedence over the legacy option name "
+"an external command to discover the http proxy to use. The first and only "
+"parameter is an URI denoting the host to be contacted to allow for "
+"host-specific configuration. APT expects the command to output the proxy on "
+"stdout as a single line in the style <literal>http://proxy:port/</literal> "
+"or the word <literal>DIRECT</literal> if no proxy should be used. No output "
+"indicates that the generic proxy settings should be used.  Note that "
+"auto-detection will not be used for a host if a host-specific proxy "
+"configuration is already set via "
+"<literal>Acquire::http::Proxy::<replaceable>HOST</replaceable></literal>.  "
+"See the &squid-deb-proxy-client; package for an example implementation that "
+"uses avahi.  This option takes precedence over the legacy option name "
 "<literal>ProxyAutoDetect</literal>."
 msgstr ""
 
@@ -3485,21 +3522,30 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: apt.conf.5.xml:1
 msgid ""
-"Allow the update operation to load data files from a repository without a "
-"trusted signature. If enabled this option no data files will be loaded and "
-"the update operation fails with a error for this source. The default is "
-"false for backward compatibility. This will be changed in the future."
+"Allow update operations to load data files from repositories without "
+"sufficient security information.  The default value is "
+"\"<literal>false</literal>\".  Concept, implications as well as alternatives "
+"are detailed in &apt-secure;."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: apt.conf.5.xml:1
+msgid ""
+"Allow update operations to load data files from repositories which provide "
+"security information, but these are deemed no longer cryptographically "
+"strong enough.  The default value is \"<literal>false</literal>\".  Concept, "
+"implications as well as alternatives are detailed in &apt-secure;."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: apt.conf.5.xml:1
 msgid ""
 "Allow that a repository that was previously gpg signed to become unsigned "
-"durign a update operation. When there is no valid signature of a previously "
-"trusted repository apt will refuse the update. This option can be used to "
-"override this protection. You almost certainly never want to enable "
-"this. The default is false.  Note that apt will still consider packages from "
-"this source untrusted and warn about them if you try to install them."
+"during an update operation. When there is no valid signature for a "
+"previously trusted repository apt will refuse the update. This option can be "
+"used to override this protection. You almost certainly never want to enable "
+"this. The default is <literal>false</literal>.  Concept, implications as "
+"well as alternatives are detailed in &apt-secure;."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><term>
@@ -5580,6 +5626,17 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><para><itemizedlist><listitem><para>
 #: sources.list.5.xml:1
 msgid ""
+"<option>Allow-Insecure</option> (<option>allow-insecure</option>), "
+"<option>Allow-Weak</option> (<option>allow-weak</option>) and "
+"<option>Allow-Downgrade-To-Insecure</option> "
+"(<option>allow-downgrade-to-insecure</option>)  are boolean values which all "
+"default to <literal>no</literal>.  If set to <literal>yes</literal> they "
+"circumvent parts of &apt-secure; and should therefore not be used lightly!"
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para><itemizedlist><listitem><para>
+#: sources.list.5.xml:1
+msgid ""
 "<option>Trusted</option> (<option>trusted</option>)  is a tri-state value "
 "which defaults to APT deciding if a source is considered trusted or if "
 "warnings should be raised before e.g.  packages are installed from this "
diff --git a/doc/po/de.po b/doc/po/de.po
index 71f25a51c..78c08b126 100644
--- a/doc/po/de.po
+++ b/doc/po/de.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: apt-doc 1.0.8\n"
 "Report-Msgid-Bugs-To: APT Development Team <deity@lists.debian.org>\n"
-"POT-Creation-Date: 2016-06-11 17:24+0200\n"
+"POT-Creation-Date: 2016-06-22 14:50+0200\n"
 "PO-Revision-Date: 2014-09-14 14:46+0200\n"
 "Last-Translator: Chris Leick <c.leick@vollbio.de>\n"
 "Language-Team: German <debian-l10n-german@lists.debian.org>\n"
@@ -1959,8 +1959,9 @@ msgstr ""
 #: apt-get.8.xml
 msgid ""
 "Forbid the update command to acquire unverifiable data from configured "
-"sources. Apt will fail at the update command for repositories without valid "
-"cryptographically signatures.  Configuration Item: <literal>Acquire::"
+"sources. APT will fail at the update command for repositories without valid "
+"cryptographically signatures. See also &apt-secure; for details on the "
+"concept and the implications.  Configuration Item: <literal>Acquire::"
 "AllowInsecureRepositories</literal>."
 msgstr ""
 
@@ -3033,7 +3034,9 @@ msgid ""
 "Starting with version 0.6, <command>APT</command> contains code that does "
 "signature checking of the Release file for all repositories. This ensures "
 "that data like packages in the archive can't be modified by people who have "
-"no access to the Release file signing key."
+"no access to the Release file signing key. Starting with version 1.1 "
+"<command>APT</command> requires repositories to provide recent "
+"authentication information for unimpeded usage of the repository."
 msgstr ""
 "Beginnend mit Version 0.6 enthält <command>apt</command> Code, der die "
 "Signatur der Release-Datei für alle Archive prüft. Dies stellt sicher, dass "
@@ -3044,20 +3047,48 @@ msgstr ""
 #: apt-secure.8.xml
 msgid ""
 "If an archive has an unsigned Release file or no Release file at all current "
-"APT versions will raise a warning in <command>update</command> operations "
-"and front-ends like <command>apt-get</command> will require explicit "
-"confirmation if an installation request includes a package from such an "
-"unauthenticated archive."
+"APT versions will refuse to download data from them by default in "
+"<command>update</command> operations and even if forced to download front-"
+"ends like &apt-get; will require explicit confirmation if an installation "
+"request includes a package from such an unauthenticated archive."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><para>
 #: apt-secure.8.xml
 msgid ""
-"In the future APT will refuse to work with unauthenticated repositories by "
-"default until support for them is removed entirely. Users have the option to "
-"opt-in to this behavior already by setting the configuration option "
-"<option>Acquire::AllowInsecureRepositories</option> to <literal>false</"
-"literal>."
+"As a temporary exception &apt-get; (not &apt;!) raises warnings only if it "
+"encounters unauthenticated archives to give a slightly longer grace period "
+"on this backward compatibility effecting change. This exception will be "
+"removed in future releases and you can opt-out of this grace period by "
+"setting the configuration option <option>Binary::apt-get::Acquire::"
+"AllowInsecureRepositories</option> to <literal>false</literal> or <option>--"
+"no-allow-insecure-repositories</option> on the command line."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para>
+#: apt-secure.8.xml
+msgid ""
+"You can force all APT clients to raise only warnings by setting the "
+"configuration option <option>Acquire::AllowInsecureRepositories</option> to "
+"<literal>true</literal>. Individual repositories can also be allowed to be "
+"insecure via the &sources-list; option <literal>allow-insecure=yes</"
+"literal>.  Note that insecure repositories are strongly discouraged and all "
+"options to force apt to continue supporting them will eventually be "
+"removed.  Users also have the <option>Trusted</option> option available to "
+"disable even the warnings, but be sure to understand the implications as "
+"detailed in &sources-list;."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para>
+#: apt-secure.8.xml
+msgid ""
+"A repository which previously was authentication but would loose this state "
+"in an <command>update</command> operation raises an error in all APT clients "
+"irrespective of the option to allow or forbid usage of insecure "
+"repositories.  The error can be overcome by additionally setting "
+"<option>Acquire::AllowDowngradeToInsecureRepositories</option> to "
+"<literal>true</literal> or for Individual repositories with the &sources-"
+"list; option <literal>allow-downgrade-to-insecure=yes</literal>."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><para>
@@ -4616,16 +4647,30 @@ msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: apt.conf.5.xml
+#, fuzzy
+#| msgid ""
+#| "<literal>Acquire::http::Proxy-Auto-Detect</literal> can be used to "
+#| "specify an external command to discover the http proxy to use. Apt "
+#| "expects the command to output the proxy on stdout in the style "
+#| "<literal>http://proxy:port/</literal>. This will override the generic "
+#| "<literal>Acquire::http::Proxy</literal> but not any specific host proxy "
+#| "configuration set via <literal>Acquire::http::Proxy::$HOST</literal>.  "
+#| "See the &squid-deb-proxy-client; package for an example implementation "
+#| "that uses avahi. This option takes precedence over the legacy option name "
+#| "<literal>ProxyAutoDetect</literal>."
 msgid ""
 "<literal>Acquire::http::Proxy-Auto-Detect</literal> can be used to specify "
-"an external command to discover the http proxy to use. Apt expects the "
-"command to output the proxy on stdout in the style <literal>http://proxy:"
-"port/</literal>. This will override the generic <literal>Acquire::http::"
-"Proxy</literal> but not any specific host proxy configuration set via "
-"<literal>Acquire::http::Proxy::$HOST</literal>.  See the &squid-deb-proxy-"
-"client; package for an example implementation that uses avahi. This option "
-"takes precedence over the legacy option name <literal>ProxyAutoDetect</"
-"literal>."
+"an external command to discover the http proxy to use. The first and only "
+"parameter is an URI denoting the host to be contacted to allow for host-"
+"specific configuration. APT expects the command to output the proxy on "
+"stdout as a single line in the style <literal>http://proxy:port/</literal> "
+"or the word <literal>DIRECT</literal> if no proxy should be used. No output "
+"indicates that the generic proxy settings should be used.  Note that auto-"
+"detection will not be used for a host if a host-specific proxy configuration "
+"is already set via <literal>Acquire::http::Proxy::<replaceable>HOST</"
+"replaceable></literal>.  See the &squid-deb-proxy-client; package for an "
+"example implementation that uses avahi.  This option takes precedence over "
+"the legacy option name <literal>ProxyAutoDetect</literal>."
 msgstr ""
 "<literal>Acquire::http::Proxy-Auto-Detect</literal> kann benutzt werden, um "
 "einen externen Befehl zum Auffinden des HTTP-Proxys anzugeben, der benutzt "
@@ -5088,21 +5133,30 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: apt.conf.5.xml
 msgid ""
-"Allow the update operation to load data files from a repository without a "
-"trusted signature. If enabled this option no data files will be loaded and "
-"the update operation fails with a error for this source. The default is "
-"false for backward compatibility. This will be changed in the future."
+"Allow update operations to load data files from repositories without "
+"sufficient security information.  The default value is \"<literal>false</"
+"literal>\".  Concept, implications as well as alternatives are detailed in "
+"&apt-secure;."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: apt.conf.5.xml
+msgid ""
+"Allow update operations to load data files from repositories which provide "
+"security information, but these are deemed no longer cryptographically "
+"strong enough.  The default value is \"<literal>false</literal>\".  Concept, "
+"implications as well as alternatives are detailed in &apt-secure;."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: apt.conf.5.xml
 msgid ""
 "Allow that a repository that was previously gpg signed to become unsigned "
-"durign a update operation. When there is no valid signature of a previously "
-"trusted repository apt will refuse the update. This option can be used to "
-"override this protection. You almost certainly never want to enable this. "
-"The default is false.  Note that apt will still consider packages from this "
-"source untrusted and warn about them if you try to install them."
+"during an update operation. When there is no valid signature for a "
+"previously trusted repository apt will refuse the update. This option can be "
+"used to override this protection. You almost certainly never want to enable "
+"this. The default is <literal>false</literal>.  Concept, implications as "
+"well as alternatives are detailed in &apt-secure;."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><term>
@@ -8026,6 +8080,17 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><para><itemizedlist><listitem><para>
 #: sources.list.5.xml
 msgid ""
+"<option>Allow-Insecure</option> (<option>allow-insecure</option>), "
+"<option>Allow-Weak</option> (<option>allow-weak</option>) and <option>Allow-"
+"Downgrade-To-Insecure</option> (<option>allow-downgrade-to-insecure</"
+"option>)  are boolean values which all default to <literal>no</literal>.  If "
+"set to <literal>yes</literal> they circumvent parts of &apt-secure; and "
+"should therefore not be used lightly!"
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para><itemizedlist><listitem><para>
+#: sources.list.5.xml
+msgid ""
 "<option>Trusted</option> (<option>trusted</option>)  is a tri-state value "
 "which defaults to APT deciding if a source is considered trusted or if "
 "warnings should be raised before e.g.  packages are installed from this "
diff --git a/doc/po/es.po b/doc/po/es.po
index 262fd07be..cb4ed2cd8 100644
--- a/doc/po/es.po
+++ b/doc/po/es.po
@@ -38,7 +38,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: apt-doc 1.0.5\n"
 "Report-Msgid-Bugs-To: APT Development Team <deity@lists.debian.org>\n"
-"POT-Creation-Date: 2016-06-11 17:24+0200\n"
+"POT-Creation-Date: 2016-06-22 14:50+0200\n"
 "PO-Revision-Date: 2014-07-04 01:31+0200\n"
 "Last-Translator: Omar Campagne <ocampagne@gmail.com>\n"
 "Language-Team: Debian l10n Spanish <debian-l10n-spanish@lists.debian.org>\n"
@@ -2039,8 +2039,9 @@ msgstr ""
 #: apt-get.8.xml
 msgid ""
 "Forbid the update command to acquire unverifiable data from configured "
-"sources. Apt will fail at the update command for repositories without valid "
-"cryptographically signatures.  Configuration Item: <literal>Acquire::"
+"sources. APT will fail at the update command for repositories without valid "
+"cryptographically signatures. See also &apt-secure; for details on the "
+"concept and the implications.  Configuration Item: <literal>Acquire::"
 "AllowInsecureRepositories</literal>."
 msgstr ""
 
@@ -3103,7 +3104,9 @@ msgid ""
 "Starting with version 0.6, <command>APT</command> contains code that does "
 "signature checking of the Release file for all repositories. This ensures "
 "that data like packages in the archive can't be modified by people who have "
-"no access to the Release file signing key."
+"no access to the Release file signing key. Starting with version 1.1 "
+"<command>APT</command> requires repositories to provide recent "
+"authentication information for unimpeded usage of the repository."
 msgstr ""
 "Desde la versión 0.6, <command>apt</command> contiene el código que realiza "
 "la comprobación de la firma del fichero «Release» para todos los archivos. "
@@ -3114,20 +3117,48 @@ msgstr ""
 #: apt-secure.8.xml
 msgid ""
 "If an archive has an unsigned Release file or no Release file at all current "
-"APT versions will raise a warning in <command>update</command> operations "
-"and front-ends like <command>apt-get</command> will require explicit "
-"confirmation if an installation request includes a package from such an "
-"unauthenticated archive."
+"APT versions will refuse to download data from them by default in "
+"<command>update</command> operations and even if forced to download front-"
+"ends like &apt-get; will require explicit confirmation if an installation "
+"request includes a package from such an unauthenticated archive."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><para>
 #: apt-secure.8.xml
 msgid ""
-"In the future APT will refuse to work with unauthenticated repositories by "
-"default until support for them is removed entirely. Users have the option to "
-"opt-in to this behavior already by setting the configuration option "
-"<option>Acquire::AllowInsecureRepositories</option> to <literal>false</"
-"literal>."
+"As a temporary exception &apt-get; (not &apt;!) raises warnings only if it "
+"encounters unauthenticated archives to give a slightly longer grace period "
+"on this backward compatibility effecting change. This exception will be "
+"removed in future releases and you can opt-out of this grace period by "
+"setting the configuration option <option>Binary::apt-get::Acquire::"
+"AllowInsecureRepositories</option> to <literal>false</literal> or <option>--"
+"no-allow-insecure-repositories</option> on the command line."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para>
+#: apt-secure.8.xml
+msgid ""
+"You can force all APT clients to raise only warnings by setting the "
+"configuration option <option>Acquire::AllowInsecureRepositories</option> to "
+"<literal>true</literal>. Individual repositories can also be allowed to be "
+"insecure via the &sources-list; option <literal>allow-insecure=yes</"
+"literal>.  Note that insecure repositories are strongly discouraged and all "
+"options to force apt to continue supporting them will eventually be "
+"removed.  Users also have the <option>Trusted</option> option available to "
+"disable even the warnings, but be sure to understand the implications as "
+"detailed in &sources-list;."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para>
+#: apt-secure.8.xml
+msgid ""
+"A repository which previously was authentication but would loose this state "
+"in an <command>update</command> operation raises an error in all APT clients "
+"irrespective of the option to allow or forbid usage of insecure "
+"repositories.  The error can be overcome by additionally setting "
+"<option>Acquire::AllowDowngradeToInsecureRepositories</option> to "
+"<literal>true</literal> or for Individual repositories with the &sources-"
+"list; option <literal>allow-downgrade-to-insecure=yes</literal>."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><para>
@@ -4676,14 +4707,17 @@ msgstr ""
 #: apt.conf.5.xml
 msgid ""
 "<literal>Acquire::http::Proxy-Auto-Detect</literal> can be used to specify "
-"an external command to discover the http proxy to use. Apt expects the "
-"command to output the proxy on stdout in the style <literal>http://proxy:"
-"port/</literal>. This will override the generic <literal>Acquire::http::"
-"Proxy</literal> but not any specific host proxy configuration set via "
-"<literal>Acquire::http::Proxy::$HOST</literal>.  See the &squid-deb-proxy-"
-"client; package for an example implementation that uses avahi. This option "
-"takes precedence over the legacy option name <literal>ProxyAutoDetect</"
-"literal>."
+"an external command to discover the http proxy to use. The first and only "
+"parameter is an URI denoting the host to be contacted to allow for host-"
+"specific configuration. APT expects the command to output the proxy on "
+"stdout as a single line in the style <literal>http://proxy:port/</literal> "
+"or the word <literal>DIRECT</literal> if no proxy should be used. No output "
+"indicates that the generic proxy settings should be used.  Note that auto-"
+"detection will not be used for a host if a host-specific proxy configuration "
+"is already set via <literal>Acquire::http::Proxy::<replaceable>HOST</"
+"replaceable></literal>.  See the &squid-deb-proxy-client; package for an "
+"example implementation that uses avahi.  This option takes precedence over "
+"the legacy option name <literal>ProxyAutoDetect</literal>."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
@@ -5130,21 +5164,30 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: apt.conf.5.xml
 msgid ""
-"Allow the update operation to load data files from a repository without a "
-"trusted signature. If enabled this option no data files will be loaded and "
-"the update operation fails with a error for this source. The default is "
-"false for backward compatibility. This will be changed in the future."
+"Allow update operations to load data files from repositories without "
+"sufficient security information.  The default value is \"<literal>false</"
+"literal>\".  Concept, implications as well as alternatives are detailed in "
+"&apt-secure;."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: apt.conf.5.xml
+msgid ""
+"Allow update operations to load data files from repositories which provide "
+"security information, but these are deemed no longer cryptographically "
+"strong enough.  The default value is \"<literal>false</literal>\".  Concept, "
+"implications as well as alternatives are detailed in &apt-secure;."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: apt.conf.5.xml
 msgid ""
 "Allow that a repository that was previously gpg signed to become unsigned "
-"durign a update operation. When there is no valid signature of a previously "
-"trusted repository apt will refuse the update. This option can be used to "
-"override this protection. You almost certainly never want to enable this. "
-"The default is false.  Note that apt will still consider packages from this "
-"source untrusted and warn about them if you try to install them."
+"during an update operation. When there is no valid signature for a "
+"previously trusted repository apt will refuse the update. This option can be "
+"used to override this protection. You almost certainly never want to enable "
+"this. The default is <literal>false</literal>.  Concept, implications as "
+"well as alternatives are detailed in &apt-secure;."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><term>
@@ -8039,6 +8082,17 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><para><itemizedlist><listitem><para>
 #: sources.list.5.xml
 msgid ""
+"<option>Allow-Insecure</option> (<option>allow-insecure</option>), "
+"<option>Allow-Weak</option> (<option>allow-weak</option>) and <option>Allow-"
+"Downgrade-To-Insecure</option> (<option>allow-downgrade-to-insecure</"
+"option>)  are boolean values which all default to <literal>no</literal>.  If "
+"set to <literal>yes</literal> they circumvent parts of &apt-secure; and "
+"should therefore not be used lightly!"
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para><itemizedlist><listitem><para>
+#: sources.list.5.xml
+msgid ""
 "<option>Trusted</option> (<option>trusted</option>)  is a tri-state value "
 "which defaults to APT deciding if a source is considered trusted or if "
 "warnings should be raised before e.g.  packages are installed from this "
diff --git a/doc/po/fr.po b/doc/po/fr.po
index 61e05f21d..dc01f12fa 100644
--- a/doc/po/fr.po
+++ b/doc/po/fr.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: apt-doc 1.0.5\n"
 "Report-Msgid-Bugs-To: APT Development Team <deity@lists.debian.org>\n"
-"POT-Creation-Date: 2016-06-11 17:24+0200\n"
+"POT-Creation-Date: 2016-06-22 14:50+0200\n"
 "PO-Revision-Date: 2014-11-15 17:26+0100\n"
 "Last-Translator: Jean-Pierre Giraud <jean-pierregiraud@neuf.fr>\n"
 "Language-Team: French <debian-l10n-french@lists.debian.org>\n"
@@ -1955,8 +1955,9 @@ msgstr ""
 #: apt-get.8.xml
 msgid ""
 "Forbid the update command to acquire unverifiable data from configured "
-"sources. Apt will fail at the update command for repositories without valid "
-"cryptographically signatures.  Configuration Item: <literal>Acquire::"
+"sources. APT will fail at the update command for repositories without valid "
+"cryptographically signatures. See also &apt-secure; for details on the "
+"concept and the implications.  Configuration Item: <literal>Acquire::"
 "AllowInsecureRepositories</literal>."
 msgstr ""
 
@@ -3027,7 +3028,9 @@ msgid ""
 "Starting with version 0.6, <command>APT</command> contains code that does "
 "signature checking of the Release file for all repositories. This ensures "
 "that data like packages in the archive can't be modified by people who have "
-"no access to the Release file signing key."
+"no access to the Release file signing key. Starting with version 1.1 "
+"<command>APT</command> requires repositories to provide recent "
+"authentication information for unimpeded usage of the repository."
 msgstr ""
 "Depuis sa version 0.6, <command>apt</command> sait vérifier la signature du "
 "fichier Release de chaque archive. On s'assure ainsi que les paquets de "
@@ -3038,20 +3041,48 @@ msgstr ""
 #: apt-secure.8.xml
 msgid ""
 "If an archive has an unsigned Release file or no Release file at all current "
-"APT versions will raise a warning in <command>update</command> operations "
-"and front-ends like <command>apt-get</command> will require explicit "
-"confirmation if an installation request includes a package from such an "
-"unauthenticated archive."
+"APT versions will refuse to download data from them by default in "
+"<command>update</command> operations and even if forced to download front-"
+"ends like &apt-get; will require explicit confirmation if an installation "
+"request includes a package from such an unauthenticated archive."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><para>
 #: apt-secure.8.xml
 msgid ""
-"In the future APT will refuse to work with unauthenticated repositories by "
-"default until support for them is removed entirely. Users have the option to "
-"opt-in to this behavior already by setting the configuration option "
-"<option>Acquire::AllowInsecureRepositories</option> to <literal>false</"
-"literal>."
+"As a temporary exception &apt-get; (not &apt;!) raises warnings only if it "
+"encounters unauthenticated archives to give a slightly longer grace period "
+"on this backward compatibility effecting change. This exception will be "
+"removed in future releases and you can opt-out of this grace period by "
+"setting the configuration option <option>Binary::apt-get::Acquire::"
+"AllowInsecureRepositories</option> to <literal>false</literal> or <option>--"
+"no-allow-insecure-repositories</option> on the command line."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para>
+#: apt-secure.8.xml
+msgid ""
+"You can force all APT clients to raise only warnings by setting the "
+"configuration option <option>Acquire::AllowInsecureRepositories</option> to "
+"<literal>true</literal>. Individual repositories can also be allowed to be "
+"insecure via the &sources-list; option <literal>allow-insecure=yes</"
+"literal>.  Note that insecure repositories are strongly discouraged and all "
+"options to force apt to continue supporting them will eventually be "
+"removed.  Users also have the <option>Trusted</option> option available to "
+"disable even the warnings, but be sure to understand the implications as "
+"detailed in &sources-list;."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para>
+#: apt-secure.8.xml
+msgid ""
+"A repository which previously was authentication but would loose this state "
+"in an <command>update</command> operation raises an error in all APT clients "
+"irrespective of the option to allow or forbid usage of insecure "
+"repositories.  The error can be overcome by additionally setting "
+"<option>Acquire::AllowDowngradeToInsecureRepositories</option> to "
+"<literal>true</literal> or for Individual repositories with the &sources-"
+"list; option <literal>allow-downgrade-to-insecure=yes</literal>."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><para>
@@ -4610,16 +4641,30 @@ msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: apt.conf.5.xml
+#, fuzzy
+#| msgid ""
+#| "<literal>Acquire::http::Proxy-Auto-Detect</literal> can be used to "
+#| "specify an external command to discover the http proxy to use. Apt "
+#| "expects the command to output the proxy on stdout in the style "
+#| "<literal>http://proxy:port/</literal>. This will override the generic "
+#| "<literal>Acquire::http::Proxy</literal> but not any specific host proxy "
+#| "configuration set via <literal>Acquire::http::Proxy::$HOST</literal>.  "
+#| "See the &squid-deb-proxy-client; package for an example implementation "
+#| "that uses avahi. This option takes precedence over the legacy option name "
+#| "<literal>ProxyAutoDetect</literal>."
 msgid ""
 "<literal>Acquire::http::Proxy-Auto-Detect</literal> can be used to specify "
-"an external command to discover the http proxy to use. Apt expects the "
-"command to output the proxy on stdout in the style <literal>http://proxy:"
-"port/</literal>. This will override the generic <literal>Acquire::http::"
-"Proxy</literal> but not any specific host proxy configuration set via "
-"<literal>Acquire::http::Proxy::$HOST</literal>.  See the &squid-deb-proxy-"
-"client; package for an example implementation that uses avahi. This option "
-"takes precedence over the legacy option name <literal>ProxyAutoDetect</"
-"literal>."
+"an external command to discover the http proxy to use. The first and only "
+"parameter is an URI denoting the host to be contacted to allow for host-"
+"specific configuration. APT expects the command to output the proxy on "
+"stdout as a single line in the style <literal>http://proxy:port/</literal> "
+"or the word <literal>DIRECT</literal> if no proxy should be used. No output "
+"indicates that the generic proxy settings should be used.  Note that auto-"
+"detection will not be used for a host if a host-specific proxy configuration "
+"is already set via <literal>Acquire::http::Proxy::<replaceable>HOST</"
+"replaceable></literal>.  See the &squid-deb-proxy-client; package for an "
+"example implementation that uses avahi.  This option takes precedence over "
+"the legacy option name <literal>ProxyAutoDetect</literal>."
 msgstr ""
 "L'option <literal>Acquire::http::Proxy-Auto-Detect</literal> peut être "
 "utilisée pour indiquer une commande externe pour découvrir le mandataire "
@@ -5078,21 +5123,30 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: apt.conf.5.xml
 msgid ""
-"Allow the update operation to load data files from a repository without a "
-"trusted signature. If enabled this option no data files will be loaded and "
-"the update operation fails with a error for this source. The default is "
-"false for backward compatibility. This will be changed in the future."
+"Allow update operations to load data files from repositories without "
+"sufficient security information.  The default value is \"<literal>false</"
+"literal>\".  Concept, implications as well as alternatives are detailed in "
+"&apt-secure;."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: apt.conf.5.xml
+msgid ""
+"Allow update operations to load data files from repositories which provide "
+"security information, but these are deemed no longer cryptographically "
+"strong enough.  The default value is \"<literal>false</literal>\".  Concept, "
+"implications as well as alternatives are detailed in &apt-secure;."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: apt.conf.5.xml
 msgid ""
 "Allow that a repository that was previously gpg signed to become unsigned "
-"durign a update operation. When there is no valid signature of a previously "
-"trusted repository apt will refuse the update. This option can be used to "
-"override this protection. You almost certainly never want to enable this. "
-"The default is false.  Note that apt will still consider packages from this "
-"source untrusted and warn about them if you try to install them."
+"during an update operation. When there is no valid signature for a "
+"previously trusted repository apt will refuse the update. This option can be "
+"used to override this protection. You almost certainly never want to enable "
+"this. The default is <literal>false</literal>.  Concept, implications as "
+"well as alternatives are detailed in &apt-secure;."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><term>
@@ -7991,6 +8045,17 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><para><itemizedlist><listitem><para>
 #: sources.list.5.xml
 msgid ""
+"<option>Allow-Insecure</option> (<option>allow-insecure</option>), "
+"<option>Allow-Weak</option> (<option>allow-weak</option>) and <option>Allow-"
+"Downgrade-To-Insecure</option> (<option>allow-downgrade-to-insecure</"
+"option>)  are boolean values which all default to <literal>no</literal>.  If "
+"set to <literal>yes</literal> they circumvent parts of &apt-secure; and "
+"should therefore not be used lightly!"
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para><itemizedlist><listitem><para>
+#: sources.list.5.xml
+msgid ""
 "<option>Trusted</option> (<option>trusted</option>)  is a tri-state value "
 "which defaults to APT deciding if a source is considered trusted or if "
 "warnings should be raised before e.g.  packages are installed from this "
diff --git a/doc/po/it.po b/doc/po/it.po
index d4f4f8983..eb68d83a1 100644
--- a/doc/po/it.po
+++ b/doc/po/it.po
@@ -10,7 +10,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: apt-doc 1.0.5\n"
 "Report-Msgid-Bugs-To: APT Development Team <deity@lists.debian.org>\n"
-"POT-Creation-Date: 2016-06-11 17:24+0200\n"
+"POT-Creation-Date: 2016-06-22 14:50+0200\n"
 "PO-Revision-Date: 2015-12-27 21:26+0200\n"
 "Last-Translator: Beatrice Torracca <beatricet@libero.it>\n"
 "Language-Team: Italian <debian-l10n-italian@lists.debian.org>\n"
@@ -2005,10 +2005,17 @@ msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: apt-get.8.xml
+#, fuzzy
+#| msgid ""
+#| "Forbid the update command to acquire unverifiable data from configured "
+#| "sources. Apt will fail at the update command for repositories without "
+#| "valid cryptographically signatures.  Configuration Item: "
+#| "<literal>Acquire::AllowInsecureRepositories</literal>."
 msgid ""
 "Forbid the update command to acquire unverifiable data from configured "
-"sources. Apt will fail at the update command for repositories without valid "
-"cryptographically signatures.  Configuration Item: <literal>Acquire::"
+"sources. APT will fail at the update command for repositories without valid "
+"cryptographically signatures. See also &apt-secure; for details on the "
+"concept and the implications.  Configuration Item: <literal>Acquire::"
 "AllowInsecureRepositories</literal>."
 msgstr ""
 "Impedisce dal comando update di acquisire dati non verificati dalle fonti "
@@ -3057,11 +3064,19 @@ msgstr "supporto per l'autenticazione degli archivi per APT"
 
 #. type: Content of: <refentry><refsect1><para>
 #: apt-secure.8.xml
+#, fuzzy
+#| msgid ""
+#| "Starting with version 0.6, <command>APT</command> contains code that does "
+#| "signature checking of the Release file for all repositories. This ensures "
+#| "that data like packages in the archive can't be modified by people who "
+#| "have no access to the Release file signing key."
 msgid ""
 "Starting with version 0.6, <command>APT</command> contains code that does "
 "signature checking of the Release file for all repositories. This ensures "
 "that data like packages in the archive can't be modified by people who have "
-"no access to the Release file signing key."
+"no access to the Release file signing key. Starting with version 1.1 "
+"<command>APT</command> requires repositories to provide recent "
+"authentication information for unimpeded usage of the repository."
 msgstr ""
 "A partire dalla versione 0.6, <command>APT</command> contiene del codice che "
 "controlla le firme dei file Release per tutti i repository. Ciò assicura che "
@@ -3070,12 +3085,19 @@ msgstr ""
 
 #. type: Content of: <refentry><refsect1><para>
 #: apt-secure.8.xml
+#, fuzzy
+#| msgid ""
+#| "If an archive has an unsigned Release file or no Release file at all "
+#| "current APT versions will raise a warning in <command>update</command> "
+#| "operations and front-ends like <command>apt-get</command> will require "
+#| "explicit confirmation if an installation request includes a package from "
+#| "such an unauthenticated archive."
 msgid ""
 "If an archive has an unsigned Release file or no Release file at all current "
-"APT versions will raise a warning in <command>update</command> operations "
-"and front-ends like <command>apt-get</command> will require explicit "
-"confirmation if an installation request includes a package from such an "
-"unauthenticated archive."
+"APT versions will refuse to download data from them by default in "
+"<command>update</command> operations and even if forced to download front-"
+"ends like &apt-get; will require explicit confirmation if an installation "
+"request includes a package from such an unauthenticated archive."
 msgstr ""
 "Se un archivio ha un file Release non firmato o non ha per nulla un file "
 "Release, le versioni attuali di APT mostrano un avvertimento durante le "
@@ -3086,17 +3108,40 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><para>
 #: apt-secure.8.xml
 msgid ""
-"In the future APT will refuse to work with unauthenticated repositories by "
-"default until support for them is removed entirely. Users have the option to "
-"opt-in to this behavior already by setting the configuration option "
-"<option>Acquire::AllowInsecureRepositories</option> to <literal>false</"
-"literal>."
+"As a temporary exception &apt-get; (not &apt;!) raises warnings only if it "
+"encounters unauthenticated archives to give a slightly longer grace period "
+"on this backward compatibility effecting change. This exception will be "
+"removed in future releases and you can opt-out of this grace period by "
+"setting the configuration option <option>Binary::apt-get::Acquire::"
+"AllowInsecureRepositories</option> to <literal>false</literal> or <option>--"
+"no-allow-insecure-repositories</option> on the command line."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para>
+#: apt-secure.8.xml
+msgid ""
+"You can force all APT clients to raise only warnings by setting the "
+"configuration option <option>Acquire::AllowInsecureRepositories</option> to "
+"<literal>true</literal>. Individual repositories can also be allowed to be "
+"insecure via the &sources-list; option <literal>allow-insecure=yes</"
+"literal>.  Note that insecure repositories are strongly discouraged and all "
+"options to force apt to continue supporting them will eventually be "
+"removed.  Users also have the <option>Trusted</option> option available to "
+"disable even the warnings, but be sure to understand the implications as "
+"detailed in &sources-list;."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para>
+#: apt-secure.8.xml
+msgid ""
+"A repository which previously was authentication but would loose this state "
+"in an <command>update</command> operation raises an error in all APT clients "
+"irrespective of the option to allow or forbid usage of insecure "
+"repositories.  The error can be overcome by additionally setting "
+"<option>Acquire::AllowDowngradeToInsecureRepositories</option> to "
+"<literal>true</literal> or for Individual repositories with the &sources-"
+"list; option <literal>allow-downgrade-to-insecure=yes</literal>."
 msgstr ""
-"In futuro APT si rifiuterà in modo predefinito di lavorare con repository "
-"non autenticati fino a quando il supporto per essi sarà completamente "
-"rimosso. Gli utenti hanno l'opzione di passare di già a questo comportamento "
-"impostando l'opzione di configurazione <option>Acquire::"
-"AllowInsecureRepositories</option> a <literal>false</literal>."
 
 #. type: Content of: <refentry><refsect1><para>
 #: apt-secure.8.xml
@@ -4577,16 +4622,30 @@ msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: apt.conf.5.xml
+#, fuzzy
+#| msgid ""
+#| "<literal>Acquire::http::Proxy-Auto-Detect</literal> can be used to "
+#| "specify an external command to discover the http proxy to use. Apt "
+#| "expects the command to output the proxy on stdout in the style "
+#| "<literal>http://proxy:port/</literal>. This will override the generic "
+#| "<literal>Acquire::http::Proxy</literal> but not any specific host proxy "
+#| "configuration set via <literal>Acquire::http::Proxy::$HOST</literal>.  "
+#| "See the &squid-deb-proxy-client; package for an example implementation "
+#| "that uses avahi. This option takes precedence over the legacy option name "
+#| "<literal>ProxyAutoDetect</literal>."
 msgid ""
 "<literal>Acquire::http::Proxy-Auto-Detect</literal> can be used to specify "
-"an external command to discover the http proxy to use. Apt expects the "
-"command to output the proxy on stdout in the style <literal>http://proxy:"
-"port/</literal>. This will override the generic <literal>Acquire::http::"
-"Proxy</literal> but not any specific host proxy configuration set via "
-"<literal>Acquire::http::Proxy::$HOST</literal>.  See the &squid-deb-proxy-"
-"client; package for an example implementation that uses avahi. This option "
-"takes precedence over the legacy option name <literal>ProxyAutoDetect</"
-"literal>."
+"an external command to discover the http proxy to use. The first and only "
+"parameter is an URI denoting the host to be contacted to allow for host-"
+"specific configuration. APT expects the command to output the proxy on "
+"stdout as a single line in the style <literal>http://proxy:port/</literal> "
+"or the word <literal>DIRECT</literal> if no proxy should be used. No output "
+"indicates that the generic proxy settings should be used.  Note that auto-"
+"detection will not be used for a host if a host-specific proxy configuration "
+"is already set via <literal>Acquire::http::Proxy::<replaceable>HOST</"
+"replaceable></literal>.  See the &squid-deb-proxy-client; package for an "
+"example implementation that uses avahi.  This option takes precedence over "
+"the legacy option name <literal>ProxyAutoDetect</literal>."
 msgstr ""
 "<literal>Acquire::http::Proxy-Auto-Detect</literal> può essere usato per "
 "specificare un comando esterno per rilevare il proxy http da usare. Apt si "
@@ -5047,26 +5106,39 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: apt.conf.5.xml
 msgid ""
-"Allow the update operation to load data files from a repository without a "
-"trusted signature. If enabled this option no data files will be loaded and "
-"the update operation fails with a error for this source. The default is "
-"false for backward compatibility. This will be changed in the future."
+"Allow update operations to load data files from repositories without "
+"sufficient security information.  The default value is \"<literal>false</"
+"literal>\".  Concept, implications as well as alternatives are detailed in "
+"&apt-secure;."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: apt.conf.5.xml
+msgid ""
+"Allow update operations to load data files from repositories which provide "
+"security information, but these are deemed no longer cryptographically "
+"strong enough.  The default value is \"<literal>false</literal>\".  Concept, "
+"implications as well as alternatives are detailed in &apt-secure;."
 msgstr ""
-"Permette all'operazione «update» di caricare i file dei dati da un "
-"repository senza una firma fidata. Se questa opzione viene abilitata non "
-"viene caricato alcun file dei dati e l'operazione di «update» fallisce per "
-"tale fonte. Il valore predefinito è impostato a falso per compatibilità "
-"all'indietro. In futuro ciò cambierà."
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: apt.conf.5.xml
+#, fuzzy
+#| msgid ""
+#| "Allow that a repository that was previously gpg signed to become unsigned "
+#| "durign a update operation. When there is no valid signature of a "
+#| "previously trusted repository apt will refuse the update. This option can "
+#| "be used to override this protection. You almost certainly never want to "
+#| "enable this. The default is false.  Note that apt will still consider "
+#| "packages from this source untrusted and warn about them if you try to "
+#| "install them."
 msgid ""
 "Allow that a repository that was previously gpg signed to become unsigned "
-"durign a update operation. When there is no valid signature of a previously "
-"trusted repository apt will refuse the update. This option can be used to "
-"override this protection. You almost certainly never want to enable this. "
-"The default is false.  Note that apt will still consider packages from this "
-"source untrusted and warn about them if you try to install them."
+"during an update operation. When there is no valid signature for a "
+"previously trusted repository apt will refuse the update. This option can be "
+"used to override this protection. You almost certainly never want to enable "
+"this. The default is <literal>false</literal>.  Concept, implications as "
+"well as alternatives are detailed in &apt-secure;."
 msgstr ""
 "Permette che un repository che era in precedenza firmato con gpg diventi non "
 "firmato durante un'operazione di aggiornamento. Quando non c'è una firma "
@@ -8067,6 +8139,17 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><para><itemizedlist><listitem><para>
 #: sources.list.5.xml
 msgid ""
+"<option>Allow-Insecure</option> (<option>allow-insecure</option>), "
+"<option>Allow-Weak</option> (<option>allow-weak</option>) and <option>Allow-"
+"Downgrade-To-Insecure</option> (<option>allow-downgrade-to-insecure</"
+"option>)  are boolean values which all default to <literal>no</literal>.  If "
+"set to <literal>yes</literal> they circumvent parts of &apt-secure; and "
+"should therefore not be used lightly!"
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para><itemizedlist><listitem><para>
+#: sources.list.5.xml
+msgid ""
 "<option>Trusted</option> (<option>trusted</option>)  is a tri-state value "
 "which defaults to APT deciding if a source is considered trusted or if "
 "warnings should be raised before e.g.  packages are installed from this "
@@ -11333,6 +11416,31 @@ msgstr "  # apt-get -o dir::cache::archives=\"/disc/\" dist-upgrade\n"
 msgid "Which will use the already fetched archives on the disc."
 msgstr "che userà gli archivi già scaricati e presenti sul disco."
 
+#~ msgid ""
+#~ "In the future APT will refuse to work with unauthenticated repositories "
+#~ "by default until support for them is removed entirely. Users have the "
+#~ "option to opt-in to this behavior already by setting the configuration "
+#~ "option <option>Acquire::AllowInsecureRepositories</option> to "
+#~ "<literal>false</literal>."
+#~ msgstr ""
+#~ "In futuro APT si rifiuterà in modo predefinito di lavorare con repository "
+#~ "non autenticati fino a quando il supporto per essi sarà completamente "
+#~ "rimosso. Gli utenti hanno l'opzione di passare di già a questo "
+#~ "comportamento impostando l'opzione di configurazione <option>Acquire::"
+#~ "AllowInsecureRepositories</option> a <literal>false</literal>."
+
+#~ msgid ""
+#~ "Allow the update operation to load data files from a repository without a "
+#~ "trusted signature. If enabled this option no data files will be loaded "
+#~ "and the update operation fails with a error for this source. The default "
+#~ "is false for backward compatibility. This will be changed in the future."
+#~ msgstr ""
+#~ "Permette all'operazione «update» di caricare i file dei dati da un "
+#~ "repository senza una firma fidata. Se questa opzione viene abilitata non "
+#~ "viene caricato alcun file dei dati e l'operazione di «update» fallisce "
+#~ "per tale fonte. Il valore predefinito è impostato a falso per "
+#~ "compatibilità all'indietro. In futuro ciò cambierà."
+
 #~ msgid "&apt-get;, &apt-conf;"
 #~ msgstr "&apt-get;, &apt-conf;"
 
diff --git a/doc/po/ja.po b/doc/po/ja.po
index 168befa95..6ce6be988 100644
--- a/doc/po/ja.po
+++ b/doc/po/ja.po
@@ -10,7 +10,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: apt-doc 1.0.6\n"
 "Report-Msgid-Bugs-To: APT Development Team <deity@lists.debian.org>\n"
-"POT-Creation-Date: 2016-06-11 17:24+0200\n"
+"POT-Creation-Date: 2016-06-22 14:50+0200\n"
 "PO-Revision-Date: 2016-03-23 09:39+0900\n"
 "Last-Translator: Takuma Yamada <tyamada@takumayamada.com>\n"
 "Language-Team: Japanese <debian-japanese@lists.debian.org>\n"
@@ -1941,10 +1941,17 @@ msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: apt-get.8.xml
+#, fuzzy
+#| msgid ""
+#| "Forbid the update command to acquire unverifiable data from configured "
+#| "sources. Apt will fail at the update command for repositories without "
+#| "valid cryptographically signatures.  Configuration Item: "
+#| "<literal>Acquire::AllowInsecureRepositories</literal>."
 msgid ""
 "Forbid the update command to acquire unverifiable data from configured "
-"sources. Apt will fail at the update command for repositories without valid "
-"cryptographically signatures.  Configuration Item: <literal>Acquire::"
+"sources. APT will fail at the update command for repositories without valid "
+"cryptographically signatures. See also &apt-secure; for details on the "
+"concept and the implications.  Configuration Item: <literal>Acquire::"
 "AllowInsecureRepositories</literal>."
 msgstr ""
 "設定された取得元から検証できないデータを取得する update コマンドを禁止しま"
@@ -2944,11 +2951,19 @@ msgstr "APT アーカイブ認証サポート"
 
 #. type: Content of: <refentry><refsect1><para>
 #: apt-secure.8.xml
+#, fuzzy
+#| msgid ""
+#| "Starting with version 0.6, <command>APT</command> contains code that does "
+#| "signature checking of the Release file for all repositories. This ensures "
+#| "that data like packages in the archive can't be modified by people who "
+#| "have no access to the Release file signing key."
 msgid ""
 "Starting with version 0.6, <command>APT</command> contains code that does "
 "signature checking of the Release file for all repositories. This ensures "
 "that data like packages in the archive can't be modified by people who have "
-"no access to the Release file signing key."
+"no access to the Release file signing key. Starting with version 1.1 "
+"<command>APT</command> requires repositories to provide recent "
+"authentication information for unimpeded usage of the repository."
 msgstr ""
 "バージョン 0.6 より、<command>apt</command> 全リポジトリに対する Release ファ"
 "イルの署名チェックコードが含まれています。これにより、アーカイブのパッケージ"
@@ -2957,12 +2972,19 @@ msgstr ""
 
 #. type: Content of: <refentry><refsect1><para>
 #: apt-secure.8.xml
+#, fuzzy
+#| msgid ""
+#| "If an archive has an unsigned Release file or no Release file at all "
+#| "current APT versions will raise a warning in <command>update</command> "
+#| "operations and front-ends like <command>apt-get</command> will require "
+#| "explicit confirmation if an installation request includes a package from "
+#| "such an unauthenticated archive."
 msgid ""
 "If an archive has an unsigned Release file or no Release file at all current "
-"APT versions will raise a warning in <command>update</command> operations "
-"and front-ends like <command>apt-get</command> will require explicit "
-"confirmation if an installation request includes a package from such an "
-"unauthenticated archive."
+"APT versions will refuse to download data from them by default in "
+"<command>update</command> operations and even if forced to download front-"
+"ends like &apt-get; will require explicit confirmation if an installation "
+"request includes a package from such an unauthenticated archive."
 msgstr ""
 "アーカイブに署名されていない Release ファイルがあるか、または Release ファイ"
 "ルがまったくない場合は、現在の APT バージョンは <command>update</command> 操"
@@ -2973,17 +2995,40 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><para>
 #: apt-secure.8.xml
 msgid ""
-"In the future APT will refuse to work with unauthenticated repositories by "
-"default until support for them is removed entirely. Users have the option to "
-"opt-in to this behavior already by setting the configuration option "
-"<option>Acquire::AllowInsecureRepositories</option> to <literal>false</"
-"literal>."
+"As a temporary exception &apt-get; (not &apt;!) raises warnings only if it "
+"encounters unauthenticated archives to give a slightly longer grace period "
+"on this backward compatibility effecting change. This exception will be "
+"removed in future releases and you can opt-out of this grace period by "
+"setting the configuration option <option>Binary::apt-get::Acquire::"
+"AllowInsecureRepositories</option> to <literal>false</literal> or <option>--"
+"no-allow-insecure-repositories</option> on the command line."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para>
+#: apt-secure.8.xml
+msgid ""
+"You can force all APT clients to raise only warnings by setting the "
+"configuration option <option>Acquire::AllowInsecureRepositories</option> to "
+"<literal>true</literal>. Individual repositories can also be allowed to be "
+"insecure via the &sources-list; option <literal>allow-insecure=yes</"
+"literal>.  Note that insecure repositories are strongly discouraged and all "
+"options to force apt to continue supporting them will eventually be "
+"removed.  Users also have the <option>Trusted</option> option available to "
+"disable even the warnings, but be sure to understand the implications as "
+"detailed in &sources-list;."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para>
+#: apt-secure.8.xml
+msgid ""
+"A repository which previously was authentication but would loose this state "
+"in an <command>update</command> operation raises an error in all APT clients "
+"irrespective of the option to allow or forbid usage of insecure "
+"repositories.  The error can be overcome by additionally setting "
+"<option>Acquire::AllowDowngradeToInsecureRepositories</option> to "
+"<literal>true</literal> or for Individual repositories with the &sources-"
+"list; option <literal>allow-downgrade-to-insecure=yes</literal>."
 msgstr ""
-"将来的には、リポジトリ認証サポートが完全に削除されるまで、APT はデフォルトで"
-"認証されていないリポジトリでの動作を拒否するでしょう。設定オプション "
-"<option>Acquire::AllowInsecureRepositories</option> を <literal>false</"
-"literal> に設定することで、ユーザはこのような動作にするオプトインするオプショ"
-"ンがあります。"
 
 #. type: Content of: <refentry><refsect1><para>
 #: apt-secure.8.xml
@@ -4383,16 +4428,30 @@ msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: apt.conf.5.xml
+#, fuzzy
+#| msgid ""
+#| "<literal>Acquire::http::Proxy-Auto-Detect</literal> can be used to "
+#| "specify an external command to discover the http proxy to use. Apt "
+#| "expects the command to output the proxy on stdout in the style "
+#| "<literal>http://proxy:port/</literal>. This will override the generic "
+#| "<literal>Acquire::http::Proxy</literal> but not any specific host proxy "
+#| "configuration set via <literal>Acquire::http::Proxy::$HOST</literal>.  "
+#| "See the &squid-deb-proxy-client; package for an example implementation "
+#| "that uses avahi. This option takes precedence over the legacy option name "
+#| "<literal>ProxyAutoDetect</literal>."
 msgid ""
 "<literal>Acquire::http::Proxy-Auto-Detect</literal> can be used to specify "
-"an external command to discover the http proxy to use. Apt expects the "
-"command to output the proxy on stdout in the style <literal>http://proxy:"
-"port/</literal>. This will override the generic <literal>Acquire::http::"
-"Proxy</literal> but not any specific host proxy configuration set via "
-"<literal>Acquire::http::Proxy::$HOST</literal>.  See the &squid-deb-proxy-"
-"client; package for an example implementation that uses avahi. This option "
-"takes precedence over the legacy option name <literal>ProxyAutoDetect</"
-"literal>."
+"an external command to discover the http proxy to use. The first and only "
+"parameter is an URI denoting the host to be contacted to allow for host-"
+"specific configuration. APT expects the command to output the proxy on "
+"stdout as a single line in the style <literal>http://proxy:port/</literal> "
+"or the word <literal>DIRECT</literal> if no proxy should be used. No output "
+"indicates that the generic proxy settings should be used.  Note that auto-"
+"detection will not be used for a host if a host-specific proxy configuration "
+"is already set via <literal>Acquire::http::Proxy::<replaceable>HOST</"
+"replaceable></literal>.  See the &squid-deb-proxy-client; package for an "
+"example implementation that uses avahi.  This option takes precedence over "
+"the legacy option name <literal>ProxyAutoDetect</literal>."
 msgstr ""
 "<literal>Acquire::http::Proxy-Auto-Detect</literal> を使って利用する http プ"
 "ロキシを検出するための外部コマンドを指定できます。APT はコマンドが標準出力に "
@@ -4833,25 +4892,39 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: apt.conf.5.xml
 msgid ""
-"Allow the update operation to load data files from a repository without a "
-"trusted signature. If enabled this option no data files will be loaded and "
-"the update operation fails with a error for this source. The default is "
-"false for backward compatibility. This will be changed in the future."
+"Allow update operations to load data files from repositories without "
+"sufficient security information.  The default value is \"<literal>false</"
+"literal>\".  Concept, implications as well as alternatives are detailed in "
+"&apt-secure;."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: apt.conf.5.xml
+msgid ""
+"Allow update operations to load data files from repositories which provide "
+"security information, but these are deemed no longer cryptographically "
+"strong enough.  The default value is \"<literal>false</literal>\".  Concept, "
+"implications as well as alternatives are detailed in &apt-secure;."
 msgstr ""
-"信頼された署名がないリポジトリからデータファイルをロードする更新操作を許可し"
-"ます。このオプションを有効にした場合は、データファイルはロードされず、更新処"
-"理はこの取得元からのエラーで失敗します。デフォルトは、下位互換性を維持するた"
-"めに無効です。これは将来的に変更されます。"
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: apt.conf.5.xml
+#, fuzzy
+#| msgid ""
+#| "Allow that a repository that was previously gpg signed to become unsigned "
+#| "durign a update operation. When there is no valid signature of a "
+#| "previously trusted repository apt will refuse the update. This option can "
+#| "be used to override this protection. You almost certainly never want to "
+#| "enable this. The default is false.  Note that apt will still consider "
+#| "packages from this source untrusted and warn about them if you try to "
+#| "install them."
 msgid ""
 "Allow that a repository that was previously gpg signed to become unsigned "
-"durign a update operation. When there is no valid signature of a previously "
-"trusted repository apt will refuse the update. This option can be used to "
-"override this protection. You almost certainly never want to enable this. "
-"The default is false.  Note that apt will still consider packages from this "
-"source untrusted and warn about them if you try to install them."
+"during an update operation. When there is no valid signature for a "
+"previously trusted repository apt will refuse the update. This option can be "
+"used to override this protection. You almost certainly never want to enable "
+"this. The default is <literal>false</literal>.  Concept, implications as "
+"well as alternatives are detailed in &apt-secure;."
 msgstr ""
 "以前に GPG 署名されたリポジトリが、更新操作中に署名なしにすることを許可しま"
 "す。以前に信頼されたリポジトリの有効な署名が存在しない場合、更新を拒否しま"
@@ -7705,6 +7778,17 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><para><itemizedlist><listitem><para>
 #: sources.list.5.xml
 msgid ""
+"<option>Allow-Insecure</option> (<option>allow-insecure</option>), "
+"<option>Allow-Weak</option> (<option>allow-weak</option>) and <option>Allow-"
+"Downgrade-To-Insecure</option> (<option>allow-downgrade-to-insecure</"
+"option>)  are boolean values which all default to <literal>no</literal>.  If "
+"set to <literal>yes</literal> they circumvent parts of &apt-secure; and "
+"should therefore not be used lightly!"
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para><itemizedlist><listitem><para>
+#: sources.list.5.xml
+msgid ""
 "<option>Trusted</option> (<option>trusted</option>)  is a tri-state value "
 "which defaults to APT deciding if a source is considered trusted or if "
 "warnings should be raised before e.g.  packages are installed from this "
@@ -10865,6 +10949,30 @@ msgstr "  # apt-get -o dir::cache::archives=\"/disc/\" dist-upgrade\n"
 msgid "Which will use the already fetched archives on the disc."
 msgstr "これで、ディスクにある取得済みのアーカイブを使用するようになります。"
 
+#~ msgid ""
+#~ "In the future APT will refuse to work with unauthenticated repositories "
+#~ "by default until support for them is removed entirely. Users have the "
+#~ "option to opt-in to this behavior already by setting the configuration "
+#~ "option <option>Acquire::AllowInsecureRepositories</option> to "
+#~ "<literal>false</literal>."
+#~ msgstr ""
+#~ "将来的には、リポジトリ認証サポートが完全に削除されるまで、APT はデフォルト"
+#~ "で認証されていないリポジトリでの動作を拒否するでしょう。設定オプション "
+#~ "<option>Acquire::AllowInsecureRepositories</option> を <literal>false</"
+#~ "literal> に設定することで、ユーザはこのような動作にするオプトインするオプ"
+#~ "ションがあります。"
+
+#~ msgid ""
+#~ "Allow the update operation to load data files from a repository without a "
+#~ "trusted signature. If enabled this option no data files will be loaded "
+#~ "and the update operation fails with a error for this source. The default "
+#~ "is false for backward compatibility. This will be changed in the future."
+#~ msgstr ""
+#~ "信頼された署名がないリポジトリからデータファイルをロードする更新操作を許可"
+#~ "します。このオプションを有効にした場合は、データファイルはロードされず、更"
+#~ "新処理はこの取得元からのエラーで失敗します。デフォルトは、下位互換性を維持"
+#~ "するために無効です。これは将来的に変更されます。"
+
 #~ msgid "&apt-get;, &apt-conf;"
 #~ msgstr "&apt-get;, &apt-conf;"
 
diff --git a/doc/po/nl.po b/doc/po/nl.po
index b39e31993..5de47b459 100644
--- a/doc/po/nl.po
+++ b/doc/po/nl.po
@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: apt-doc 1.1.10-nl\n"
 "Report-Msgid-Bugs-To: APT Development Team <deity@lists.debian.org>\n"
-"POT-Creation-Date: 2016-06-11 17:24+0200\n"
+"POT-Creation-Date: 2016-06-22 14:50+0200\n"
 "PO-Revision-Date: 2016-02-01 16:17+0100\n"
 "Last-Translator: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>\n"
 "Language-Team: Debian Dutch l10n Team <debian-l10n-dutch@lists.debian.org>\n"
@@ -2039,10 +2039,17 @@ msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: apt-get.8.xml
+#, fuzzy
+#| msgid ""
+#| "Forbid the update command to acquire unverifiable data from configured "
+#| "sources. Apt will fail at the update command for repositories without "
+#| "valid cryptographically signatures.  Configuration Item: "
+#| "<literal>Acquire::AllowInsecureRepositories</literal>."
 msgid ""
 "Forbid the update command to acquire unverifiable data from configured "
-"sources. Apt will fail at the update command for repositories without valid "
-"cryptographically signatures.  Configuration Item: <literal>Acquire::"
+"sources. APT will fail at the update command for repositories without valid "
+"cryptographically signatures. See also &apt-secure; for details on the "
+"concept and the implications.  Configuration Item: <literal>Acquire::"
 "AllowInsecureRepositories</literal>."
 msgstr ""
 "Sta het commando update niet toe om niet-verifieerbare gegevens op te halen "
@@ -3109,11 +3116,19 @@ msgstr "Ondersteuning in APT voor de authenticatie van archieven"
 
 #. type: Content of: <refentry><refsect1><para>
 #: apt-secure.8.xml
+#, fuzzy
+#| msgid ""
+#| "Starting with version 0.6, <command>APT</command> contains code that does "
+#| "signature checking of the Release file for all repositories. This ensures "
+#| "that data like packages in the archive can't be modified by people who "
+#| "have no access to the Release file signing key."
 msgid ""
 "Starting with version 0.6, <command>APT</command> contains code that does "
 "signature checking of the Release file for all repositories. This ensures "
 "that data like packages in the archive can't be modified by people who have "
-"no access to the Release file signing key."
+"no access to the Release file signing key. Starting with version 1.1 "
+"<command>APT</command> requires repositories to provide recent "
+"authentication information for unimpeded usage of the repository."
 msgstr ""
 "Met ingang van versie 0.6 bevat <command>APT</command> code die voor alle "
 "pakketbronnen de ondertekening controleert van het bestand Release. Dit "
@@ -3123,12 +3138,19 @@ msgstr ""
 
 #. type: Content of: <refentry><refsect1><para>
 #: apt-secure.8.xml
+#, fuzzy
+#| msgid ""
+#| "If an archive has an unsigned Release file or no Release file at all "
+#| "current APT versions will raise a warning in <command>update</command> "
+#| "operations and front-ends like <command>apt-get</command> will require "
+#| "explicit confirmation if an installation request includes a package from "
+#| "such an unauthenticated archive."
 msgid ""
 "If an archive has an unsigned Release file or no Release file at all current "
-"APT versions will raise a warning in <command>update</command> operations "
-"and front-ends like <command>apt-get</command> will require explicit "
-"confirmation if an installation request includes a package from such an "
-"unauthenticated archive."
+"APT versions will refuse to download data from them by default in "
+"<command>update</command> operations and even if forced to download front-"
+"ends like &apt-get; will require explicit confirmation if an installation "
+"request includes a package from such an unauthenticated archive."
 msgstr ""
 "Indien een archief een niet-ondertekend Release-bestand of helemaal geen "
 "Release-bestand heeft, zullen alle hedendaagse versies van APT een "
@@ -3140,17 +3162,40 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><para>
 #: apt-secure.8.xml
 msgid ""
-"In the future APT will refuse to work with unauthenticated repositories by "
-"default until support for them is removed entirely. Users have the option to "
-"opt-in to this behavior already by setting the configuration option "
-"<option>Acquire::AllowInsecureRepositories</option> to <literal>false</"
-"literal>."
+"As a temporary exception &apt-get; (not &apt;!) raises warnings only if it "
+"encounters unauthenticated archives to give a slightly longer grace period "
+"on this backward compatibility effecting change. This exception will be "
+"removed in future releases and you can opt-out of this grace period by "
+"setting the configuration option <option>Binary::apt-get::Acquire::"
+"AllowInsecureRepositories</option> to <literal>false</literal> or <option>--"
+"no-allow-insecure-repositories</option> on the command line."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para>
+#: apt-secure.8.xml
+msgid ""
+"You can force all APT clients to raise only warnings by setting the "
+"configuration option <option>Acquire::AllowInsecureRepositories</option> to "
+"<literal>true</literal>. Individual repositories can also be allowed to be "
+"insecure via the &sources-list; option <literal>allow-insecure=yes</"
+"literal>.  Note that insecure repositories are strongly discouraged and all "
+"options to force apt to continue supporting them will eventually be "
+"removed.  Users also have the <option>Trusted</option> option available to "
+"disable even the warnings, but be sure to understand the implications as "
+"detailed in &sources-list;."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para>
+#: apt-secure.8.xml
+msgid ""
+"A repository which previously was authentication but would loose this state "
+"in an <command>update</command> operation raises an error in all APT clients "
+"irrespective of the option to allow or forbid usage of insecure "
+"repositories.  The error can be overcome by additionally setting "
+"<option>Acquire::AllowDowngradeToInsecureRepositories</option> to "
+"<literal>true</literal> or for Individual repositories with the &sources-"
+"list; option <literal>allow-downgrade-to-insecure=yes</literal>."
 msgstr ""
-"In de toekomst zal APT standaard weigeren om met niet-geauthenticeerde "
-"pakketbronnen te werken totdat die helemaal niet meer ondersteund zullen "
-"worden. Gebruikers hebben de mogelijkheid om nu reeds voor dit gedrag te "
-"kiezen door de configuratieoptie <option>Acquire::AllowInsecureRepositories</"
-"option> in te stellen op <literal>false</literal>."
 
 #. type: Content of: <refentry><refsect1><para>
 #: apt-secure.8.xml
@@ -4661,16 +4706,30 @@ msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: apt.conf.5.xml
+#, fuzzy
+#| msgid ""
+#| "<literal>Acquire::http::Proxy-Auto-Detect</literal> can be used to "
+#| "specify an external command to discover the http proxy to use. Apt "
+#| "expects the command to output the proxy on stdout in the style "
+#| "<literal>http://proxy:port/</literal>. This will override the generic "
+#| "<literal>Acquire::http::Proxy</literal> but not any specific host proxy "
+#| "configuration set via <literal>Acquire::http::Proxy::$HOST</literal>.  "
+#| "See the &squid-deb-proxy-client; package for an example implementation "
+#| "that uses avahi. This option takes precedence over the legacy option name "
+#| "<literal>ProxyAutoDetect</literal>."
 msgid ""
 "<literal>Acquire::http::Proxy-Auto-Detect</literal> can be used to specify "
-"an external command to discover the http proxy to use. Apt expects the "
-"command to output the proxy on stdout in the style <literal>http://proxy:"
-"port/</literal>. This will override the generic <literal>Acquire::http::"
-"Proxy</literal> but not any specific host proxy configuration set via "
-"<literal>Acquire::http::Proxy::$HOST</literal>.  See the &squid-deb-proxy-"
-"client; package for an example implementation that uses avahi. This option "
-"takes precedence over the legacy option name <literal>ProxyAutoDetect</"
-"literal>."
+"an external command to discover the http proxy to use. The first and only "
+"parameter is an URI denoting the host to be contacted to allow for host-"
+"specific configuration. APT expects the command to output the proxy on "
+"stdout as a single line in the style <literal>http://proxy:port/</literal> "
+"or the word <literal>DIRECT</literal> if no proxy should be used. No output "
+"indicates that the generic proxy settings should be used.  Note that auto-"
+"detection will not be used for a host if a host-specific proxy configuration "
+"is already set via <literal>Acquire::http::Proxy::<replaceable>HOST</"
+"replaceable></literal>.  See the &squid-deb-proxy-client; package for an "
+"example implementation that uses avahi.  This option takes precedence over "
+"the legacy option name <literal>ProxyAutoDetect</literal>."
 msgstr ""
 "<literal>Acquire::http::Proxy-Auto-Detect</literal> kan gebruikt worden om "
 "een extern commando op te geven om de te gebruiken http-proxy te vinden. Apt "
@@ -5146,27 +5205,39 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: apt.conf.5.xml
 msgid ""
-"Allow the update operation to load data files from a repository without a "
-"trusted signature. If enabled this option no data files will be loaded and "
-"the update operation fails with a error for this source. The default is "
-"false for backward compatibility. This will be changed in the future."
+"Allow update operations to load data files from repositories without "
+"sufficient security information.  The default value is \"<literal>false</"
+"literal>\".  Concept, implications as well as alternatives are detailed in "
+"&apt-secure;."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: apt.conf.5.xml
+msgid ""
+"Allow update operations to load data files from repositories which provide "
+"security information, but these are deemed no longer cryptographically "
+"strong enough.  The default value is \"<literal>false</literal>\".  Concept, "
+"implications as well as alternatives are detailed in &apt-secure;."
 msgstr ""
-"De bewerking update toelaten om databestanden op te halen van een pakketbron "
-"zonder een betrouwbare ondertekening. Indien deze optie geactiveerd is, "
-"zullen geen databestanden opgehaald worden en zal de update-bewerking voor "
-"deze pakketbron mislukken met een foutmelding. Omwille van achterwaartse "
-"compatibiliteit is de standaard false (uitgezet). In de toekomst zal dit "
-"veranderen."
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: apt.conf.5.xml
+#, fuzzy
+#| msgid ""
+#| "Allow that a repository that was previously gpg signed to become unsigned "
+#| "durign a update operation. When there is no valid signature of a "
+#| "previously trusted repository apt will refuse the update. This option can "
+#| "be used to override this protection. You almost certainly never want to "
+#| "enable this. The default is false.  Note that apt will still consider "
+#| "packages from this source untrusted and warn about them if you try to "
+#| "install them."
 msgid ""
 "Allow that a repository that was previously gpg signed to become unsigned "
-"durign a update operation. When there is no valid signature of a previously "
-"trusted repository apt will refuse the update. This option can be used to "
-"override this protection. You almost certainly never want to enable this. "
-"The default is false.  Note that apt will still consider packages from this "
-"source untrusted and warn about them if you try to install them."
+"during an update operation. When there is no valid signature for a "
+"previously trusted repository apt will refuse the update. This option can be "
+"used to override this protection. You almost certainly never want to enable "
+"this. The default is <literal>false</literal>.  Concept, implications as "
+"well as alternatives are detailed in &apt-secure;."
 msgstr ""
 "Toelaten dat een pakketbron die voorheen een gpg-ondertekening had, tijdens "
 "een update-bewerking niet langer ondertekend is. Als een pakketbron die "
@@ -8214,6 +8285,17 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><para><itemizedlist><listitem><para>
 #: sources.list.5.xml
 msgid ""
+"<option>Allow-Insecure</option> (<option>allow-insecure</option>), "
+"<option>Allow-Weak</option> (<option>allow-weak</option>) and <option>Allow-"
+"Downgrade-To-Insecure</option> (<option>allow-downgrade-to-insecure</"
+"option>)  are boolean values which all default to <literal>no</literal>.  If "
+"set to <literal>yes</literal> they circumvent parts of &apt-secure; and "
+"should therefore not be used lightly!"
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para><itemizedlist><listitem><para>
+#: sources.list.5.xml
+msgid ""
 "<option>Trusted</option> (<option>trusted</option>)  is a tri-state value "
 "which defaults to APT deciding if a source is considered trusted or if "
 "warnings should be raised before e.g.  packages are installed from this "
@@ -11569,6 +11651,33 @@ msgid "Which will use the already fetched archives on the disc."
 msgstr ""
 "En dit zal gebruik maken van de reeds opgehaalde archieven op de schijf."
 
+#~ msgid ""
+#~ "In the future APT will refuse to work with unauthenticated repositories "
+#~ "by default until support for them is removed entirely. Users have the "
+#~ "option to opt-in to this behavior already by setting the configuration "
+#~ "option <option>Acquire::AllowInsecureRepositories</option> to "
+#~ "<literal>false</literal>."
+#~ msgstr ""
+#~ "In de toekomst zal APT standaard weigeren om met niet-geauthenticeerde "
+#~ "pakketbronnen te werken totdat die helemaal niet meer ondersteund zullen "
+#~ "worden. Gebruikers hebben de mogelijkheid om nu reeds voor dit gedrag te "
+#~ "kiezen door de configuratieoptie <option>Acquire::"
+#~ "AllowInsecureRepositories</option> in te stellen op <literal>false</"
+#~ "literal>."
+
+#~ msgid ""
+#~ "Allow the update operation to load data files from a repository without a "
+#~ "trusted signature. If enabled this option no data files will be loaded "
+#~ "and the update operation fails with a error for this source. The default "
+#~ "is false for backward compatibility. This will be changed in the future."
+#~ msgstr ""
+#~ "De bewerking update toelaten om databestanden op te halen van een "
+#~ "pakketbron zonder een betrouwbare ondertekening. Indien deze optie "
+#~ "geactiveerd is, zullen geen databestanden opgehaald worden en zal de "
+#~ "update-bewerking voor deze pakketbron mislukken met een foutmelding. "
+#~ "Omwille van achterwaartse compatibiliteit is de standaard false "
+#~ "(uitgezet). In de toekomst zal dit veranderen."
+
 #~ msgid "&apt-get;, &apt-conf;"
 #~ msgstr "&apt-get;, &apt-conf;"
 
diff --git a/doc/po/pl.po b/doc/po/pl.po
index 86e8ec646..8d828b8cb 100644
--- a/doc/po/pl.po
+++ b/doc/po/pl.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: apt-doc 1.0.5\n"
 "Report-Msgid-Bugs-To: APT Development Team <deity@lists.debian.org>\n"
-"POT-Creation-Date: 2016-06-11 17:24+0200\n"
+"POT-Creation-Date: 2016-06-22 14:50+0200\n"
 "PO-Revision-Date: 2014-07-04 02:13+0200\n"
 "Last-Translator: Robert Luberda <robert@debian.org>\n"
 "Language-Team: Polish <manpages-pl-list@lists.sourceforge.net>\n"
@@ -2037,8 +2037,9 @@ msgstr ""
 #: apt-get.8.xml
 msgid ""
 "Forbid the update command to acquire unverifiable data from configured "
-"sources. Apt will fail at the update command for repositories without valid "
-"cryptographically signatures.  Configuration Item: <literal>Acquire::"
+"sources. APT will fail at the update command for repositories without valid "
+"cryptographically signatures. See also &apt-secure; for details on the "
+"concept and the implications.  Configuration Item: <literal>Acquire::"
 "AllowInsecureRepositories</literal>."
 msgstr ""
 
@@ -3139,7 +3140,9 @@ msgid ""
 "Starting with version 0.6, <command>APT</command> contains code that does "
 "signature checking of the Release file for all repositories. This ensures "
 "that data like packages in the archive can't be modified by people who have "
-"no access to the Release file signing key."
+"no access to the Release file signing key. Starting with version 1.1 "
+"<command>APT</command> requires repositories to provide recent "
+"authentication information for unimpeded usage of the repository."
 msgstr ""
 "Począwszy od wersji 0.6 <command>apt</command> zawiera kod sprawdzający "
 "sygnatury plików \"Release\" wszystkich archiwów. Zapewnia to, że pakiety w "
@@ -3150,20 +3153,48 @@ msgstr ""
 #: apt-secure.8.xml
 msgid ""
 "If an archive has an unsigned Release file or no Release file at all current "
-"APT versions will raise a warning in <command>update</command> operations "
-"and front-ends like <command>apt-get</command> will require explicit "
-"confirmation if an installation request includes a package from such an "
-"unauthenticated archive."
+"APT versions will refuse to download data from them by default in "
+"<command>update</command> operations and even if forced to download front-"
+"ends like &apt-get; will require explicit confirmation if an installation "
+"request includes a package from such an unauthenticated archive."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><para>
 #: apt-secure.8.xml
 msgid ""
-"In the future APT will refuse to work with unauthenticated repositories by "
-"default until support for them is removed entirely. Users have the option to "
-"opt-in to this behavior already by setting the configuration option "
-"<option>Acquire::AllowInsecureRepositories</option> to <literal>false</"
-"literal>."
+"As a temporary exception &apt-get; (not &apt;!) raises warnings only if it "
+"encounters unauthenticated archives to give a slightly longer grace period "
+"on this backward compatibility effecting change. This exception will be "
+"removed in future releases and you can opt-out of this grace period by "
+"setting the configuration option <option>Binary::apt-get::Acquire::"
+"AllowInsecureRepositories</option> to <literal>false</literal> or <option>--"
+"no-allow-insecure-repositories</option> on the command line."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para>
+#: apt-secure.8.xml
+msgid ""
+"You can force all APT clients to raise only warnings by setting the "
+"configuration option <option>Acquire::AllowInsecureRepositories</option> to "
+"<literal>true</literal>. Individual repositories can also be allowed to be "
+"insecure via the &sources-list; option <literal>allow-insecure=yes</"
+"literal>.  Note that insecure repositories are strongly discouraged and all "
+"options to force apt to continue supporting them will eventually be "
+"removed.  Users also have the <option>Trusted</option> option available to "
+"disable even the warnings, but be sure to understand the implications as "
+"detailed in &sources-list;."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para>
+#: apt-secure.8.xml
+msgid ""
+"A repository which previously was authentication but would loose this state "
+"in an <command>update</command> operation raises an error in all APT clients "
+"irrespective of the option to allow or forbid usage of insecure "
+"repositories.  The error can be overcome by additionally setting "
+"<option>Acquire::AllowDowngradeToInsecureRepositories</option> to "
+"<literal>true</literal> or for Individual repositories with the &sources-"
+"list; option <literal>allow-downgrade-to-insecure=yes</literal>."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><para>
@@ -4434,14 +4465,17 @@ msgstr ""
 #: apt.conf.5.xml
 msgid ""
 "<literal>Acquire::http::Proxy-Auto-Detect</literal> can be used to specify "
-"an external command to discover the http proxy to use. Apt expects the "
-"command to output the proxy on stdout in the style <literal>http://proxy:"
-"port/</literal>. This will override the generic <literal>Acquire::http::"
-"Proxy</literal> but not any specific host proxy configuration set via "
-"<literal>Acquire::http::Proxy::$HOST</literal>.  See the &squid-deb-proxy-"
-"client; package for an example implementation that uses avahi. This option "
-"takes precedence over the legacy option name <literal>ProxyAutoDetect</"
-"literal>."
+"an external command to discover the http proxy to use. The first and only "
+"parameter is an URI denoting the host to be contacted to allow for host-"
+"specific configuration. APT expects the command to output the proxy on "
+"stdout as a single line in the style <literal>http://proxy:port/</literal> "
+"or the word <literal>DIRECT</literal> if no proxy should be used. No output "
+"indicates that the generic proxy settings should be used.  Note that auto-"
+"detection will not be used for a host if a host-specific proxy configuration "
+"is already set via <literal>Acquire::http::Proxy::<replaceable>HOST</"
+"replaceable></literal>.  See the &squid-deb-proxy-client; package for an "
+"example implementation that uses avahi.  This option takes precedence over "
+"the legacy option name <literal>ProxyAutoDetect</literal>."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
@@ -4715,21 +4749,30 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: apt.conf.5.xml
 msgid ""
-"Allow the update operation to load data files from a repository without a "
-"trusted signature. If enabled this option no data files will be loaded and "
-"the update operation fails with a error for this source. The default is "
-"false for backward compatibility. This will be changed in the future."
+"Allow update operations to load data files from repositories without "
+"sufficient security information.  The default value is \"<literal>false</"
+"literal>\".  Concept, implications as well as alternatives are detailed in "
+"&apt-secure;."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: apt.conf.5.xml
+msgid ""
+"Allow update operations to load data files from repositories which provide "
+"security information, but these are deemed no longer cryptographically "
+"strong enough.  The default value is \"<literal>false</literal>\".  Concept, "
+"implications as well as alternatives are detailed in &apt-secure;."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: apt.conf.5.xml
 msgid ""
 "Allow that a repository that was previously gpg signed to become unsigned "
-"durign a update operation. When there is no valid signature of a previously "
-"trusted repository apt will refuse the update. This option can be used to "
-"override this protection. You almost certainly never want to enable this. "
-"The default is false.  Note that apt will still consider packages from this "
-"source untrusted and warn about them if you try to install them."
+"during an update operation. When there is no valid signature for a "
+"previously trusted repository apt will refuse the update. This option can be "
+"used to override this protection. You almost certainly never want to enable "
+"this. The default is <literal>false</literal>.  Concept, implications as "
+"well as alternatives are detailed in &apt-secure;."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><term>
@@ -7348,6 +7391,17 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><para><itemizedlist><listitem><para>
 #: sources.list.5.xml
 msgid ""
+"<option>Allow-Insecure</option> (<option>allow-insecure</option>), "
+"<option>Allow-Weak</option> (<option>allow-weak</option>) and <option>Allow-"
+"Downgrade-To-Insecure</option> (<option>allow-downgrade-to-insecure</"
+"option>)  are boolean values which all default to <literal>no</literal>.  If "
+"set to <literal>yes</literal> they circumvent parts of &apt-secure; and "
+"should therefore not be used lightly!"
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para><itemizedlist><listitem><para>
+#: sources.list.5.xml
+msgid ""
 "<option>Trusted</option> (<option>trusted</option>)  is a tri-state value "
 "which defaults to APT deciding if a source is considered trusted or if "
 "warnings should be raised before e.g.  packages are installed from this "
diff --git a/doc/po/pt.po b/doc/po/pt.po
index bcf2bc16d..9dc768172 100644
--- a/doc/po/pt.po
+++ b/doc/po/pt.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: apt-doc 1.0.7\n"
 "Report-Msgid-Bugs-To: APT Development Team <deity@lists.debian.org>\n"
-"POT-Creation-Date: 2016-06-11 17:24+0200\n"
+"POT-Creation-Date: 2016-06-22 14:50+0200\n"
 "PO-Revision-Date: 2014-08-29 00:34+0100\n"
 "Last-Translator: Américo Monteiro <a_monteiro@gmx.com>\n"
 "Language-Team: Portuguese <traduz@debianpt.org>\n"
@@ -1978,8 +1978,9 @@ msgstr ""
 #: apt-get.8.xml
 msgid ""
 "Forbid the update command to acquire unverifiable data from configured "
-"sources. Apt will fail at the update command for repositories without valid "
-"cryptographically signatures.  Configuration Item: <literal>Acquire::"
+"sources. APT will fail at the update command for repositories without valid "
+"cryptographically signatures. See also &apt-secure; for details on the "
+"concept and the implications.  Configuration Item: <literal>Acquire::"
 "AllowInsecureRepositories</literal>."
 msgstr ""
 
@@ -3039,7 +3040,9 @@ msgid ""
 "Starting with version 0.6, <command>APT</command> contains code that does "
 "signature checking of the Release file for all repositories. This ensures "
 "that data like packages in the archive can't be modified by people who have "
-"no access to the Release file signing key."
+"no access to the Release file signing key. Starting with version 1.1 "
+"<command>APT</command> requires repositories to provide recent "
+"authentication information for unimpeded usage of the repository."
 msgstr ""
 "A partir da versão 0.6, o <command>apt</command> contém código que faz "
 "verificação de assinaturas do ficheiro Release para todos os arquivos. Isto "
@@ -3050,20 +3053,48 @@ msgstr ""
 #: apt-secure.8.xml
 msgid ""
 "If an archive has an unsigned Release file or no Release file at all current "
-"APT versions will raise a warning in <command>update</command> operations "
-"and front-ends like <command>apt-get</command> will require explicit "
-"confirmation if an installation request includes a package from such an "
-"unauthenticated archive."
+"APT versions will refuse to download data from them by default in "
+"<command>update</command> operations and even if forced to download front-"
+"ends like &apt-get; will require explicit confirmation if an installation "
+"request includes a package from such an unauthenticated archive."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><para>
 #: apt-secure.8.xml
 msgid ""
-"In the future APT will refuse to work with unauthenticated repositories by "
-"default until support for them is removed entirely. Users have the option to "
-"opt-in to this behavior already by setting the configuration option "
-"<option>Acquire::AllowInsecureRepositories</option> to <literal>false</"
-"literal>."
+"As a temporary exception &apt-get; (not &apt;!) raises warnings only if it "
+"encounters unauthenticated archives to give a slightly longer grace period "
+"on this backward compatibility effecting change. This exception will be "
+"removed in future releases and you can opt-out of this grace period by "
+"setting the configuration option <option>Binary::apt-get::Acquire::"
+"AllowInsecureRepositories</option> to <literal>false</literal> or <option>--"
+"no-allow-insecure-repositories</option> on the command line."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para>
+#: apt-secure.8.xml
+msgid ""
+"You can force all APT clients to raise only warnings by setting the "
+"configuration option <option>Acquire::AllowInsecureRepositories</option> to "
+"<literal>true</literal>. Individual repositories can also be allowed to be "
+"insecure via the &sources-list; option <literal>allow-insecure=yes</"
+"literal>.  Note that insecure repositories are strongly discouraged and all "
+"options to force apt to continue supporting them will eventually be "
+"removed.  Users also have the <option>Trusted</option> option available to "
+"disable even the warnings, but be sure to understand the implications as "
+"detailed in &sources-list;."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para>
+#: apt-secure.8.xml
+msgid ""
+"A repository which previously was authentication but would loose this state "
+"in an <command>update</command> operation raises an error in all APT clients "
+"irrespective of the option to allow or forbid usage of insecure "
+"repositories.  The error can be overcome by additionally setting "
+"<option>Acquire::AllowDowngradeToInsecureRepositories</option> to "
+"<literal>true</literal> or for Individual repositories with the &sources-"
+"list; option <literal>allow-downgrade-to-insecure=yes</literal>."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><para>
@@ -4598,16 +4629,30 @@ msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: apt.conf.5.xml
+#, fuzzy
+#| msgid ""
+#| "<literal>Acquire::http::Proxy-Auto-Detect</literal> can be used to "
+#| "specify an external command to discover the http proxy to use. Apt "
+#| "expects the command to output the proxy on stdout in the style "
+#| "<literal>http://proxy:port/</literal>. This will override the generic "
+#| "<literal>Acquire::http::Proxy</literal> but not any specific host proxy "
+#| "configuration set via <literal>Acquire::http::Proxy::$HOST</literal>.  "
+#| "See the &squid-deb-proxy-client; package for an example implementation "
+#| "that uses avahi. This option takes precedence over the legacy option name "
+#| "<literal>ProxyAutoDetect</literal>."
 msgid ""
 "<literal>Acquire::http::Proxy-Auto-Detect</literal> can be used to specify "
-"an external command to discover the http proxy to use. Apt expects the "
-"command to output the proxy on stdout in the style <literal>http://proxy:"
-"port/</literal>. This will override the generic <literal>Acquire::http::"
-"Proxy</literal> but not any specific host proxy configuration set via "
-"<literal>Acquire::http::Proxy::$HOST</literal>.  See the &squid-deb-proxy-"
-"client; package for an example implementation that uses avahi. This option "
-"takes precedence over the legacy option name <literal>ProxyAutoDetect</"
-"literal>."
+"an external command to discover the http proxy to use. The first and only "
+"parameter is an URI denoting the host to be contacted to allow for host-"
+"specific configuration. APT expects the command to output the proxy on "
+"stdout as a single line in the style <literal>http://proxy:port/</literal> "
+"or the word <literal>DIRECT</literal> if no proxy should be used. No output "
+"indicates that the generic proxy settings should be used.  Note that auto-"
+"detection will not be used for a host if a host-specific proxy configuration "
+"is already set via <literal>Acquire::http::Proxy::<replaceable>HOST</"
+"replaceable></literal>.  See the &squid-deb-proxy-client; package for an "
+"example implementation that uses avahi.  This option takes precedence over "
+"the legacy option name <literal>ProxyAutoDetect</literal>."
 msgstr ""
 "<literal>Acquire::http::Proxy-Auto-Detect</literal> pode ser usado para "
 "especificar um comando externo para descobrir o proxy http a usar. O apt "
@@ -5060,21 +5105,30 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: apt.conf.5.xml
 msgid ""
-"Allow the update operation to load data files from a repository without a "
-"trusted signature. If enabled this option no data files will be loaded and "
-"the update operation fails with a error for this source. The default is "
-"false for backward compatibility. This will be changed in the future."
+"Allow update operations to load data files from repositories without "
+"sufficient security information.  The default value is \"<literal>false</"
+"literal>\".  Concept, implications as well as alternatives are detailed in "
+"&apt-secure;."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: apt.conf.5.xml
+msgid ""
+"Allow update operations to load data files from repositories which provide "
+"security information, but these are deemed no longer cryptographically "
+"strong enough.  The default value is \"<literal>false</literal>\".  Concept, "
+"implications as well as alternatives are detailed in &apt-secure;."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: apt.conf.5.xml
 msgid ""
 "Allow that a repository that was previously gpg signed to become unsigned "
-"durign a update operation. When there is no valid signature of a previously "
-"trusted repository apt will refuse the update. This option can be used to "
-"override this protection. You almost certainly never want to enable this. "
-"The default is false.  Note that apt will still consider packages from this "
-"source untrusted and warn about them if you try to install them."
+"during an update operation. When there is no valid signature for a "
+"previously trusted repository apt will refuse the update. This option can be "
+"used to override this protection. You almost certainly never want to enable "
+"this. The default is <literal>false</literal>.  Concept, implications as "
+"well as alternatives are detailed in &apt-secure;."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><term>
@@ -7956,6 +8010,17 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><para><itemizedlist><listitem><para>
 #: sources.list.5.xml
 msgid ""
+"<option>Allow-Insecure</option> (<option>allow-insecure</option>), "
+"<option>Allow-Weak</option> (<option>allow-weak</option>) and <option>Allow-"
+"Downgrade-To-Insecure</option> (<option>allow-downgrade-to-insecure</"
+"option>)  are boolean values which all default to <literal>no</literal>.  If "
+"set to <literal>yes</literal> they circumvent parts of &apt-secure; and "
+"should therefore not be used lightly!"
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para><itemizedlist><listitem><para>
+#: sources.list.5.xml
+msgid ""
 "<option>Trusted</option> (<option>trusted</option>)  is a tri-state value "
 "which defaults to APT deciding if a source is considered trusted or if "
 "warnings should be raised before e.g.  packages are installed from this "
diff --git a/doc/po/pt_BR.po b/doc/po/pt_BR.po
index 2ffdb2ad8..c32266073 100644
--- a/doc/po/pt_BR.po
+++ b/doc/po/pt_BR.po
@@ -9,7 +9,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: apt-doc 1.0.5\n"
 "Report-Msgid-Bugs-To: APT Development Team <deity@lists.debian.org>\n"
-"POT-Creation-Date: 2016-06-11 17:24+0200\n"
+"POT-Creation-Date: 2016-06-22 14:50+0200\n"
 "PO-Revision-Date: 2004-09-20 17:02+0000\n"
 "Last-Translator: André Luís Lopes <andrelop@debian.org>\n"
 "Language-Team: <debian-l10n-portuguese@lists.debian.org>\n"
@@ -1376,8 +1376,9 @@ msgstr ""
 #: apt-get.8.xml
 msgid ""
 "Forbid the update command to acquire unverifiable data from configured "
-"sources. Apt will fail at the update command for repositories without valid "
-"cryptographically signatures.  Configuration Item: <literal>Acquire::"
+"sources. APT will fail at the update command for repositories without valid "
+"cryptographically signatures. See also &apt-secure; for details on the "
+"concept and the implications.  Configuration Item: <literal>Acquire::"
 "AllowInsecureRepositories</literal>."
 msgstr ""
 
@@ -2137,27 +2138,57 @@ msgid ""
 "Starting with version 0.6, <command>APT</command> contains code that does "
 "signature checking of the Release file for all repositories. This ensures "
 "that data like packages in the archive can't be modified by people who have "
-"no access to the Release file signing key."
+"no access to the Release file signing key. Starting with version 1.1 "
+"<command>APT</command> requires repositories to provide recent "
+"authentication information for unimpeded usage of the repository."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><para>
 #: apt-secure.8.xml
 msgid ""
 "If an archive has an unsigned Release file or no Release file at all current "
-"APT versions will raise a warning in <command>update</command> operations "
-"and front-ends like <command>apt-get</command> will require explicit "
-"confirmation if an installation request includes a package from such an "
-"unauthenticated archive."
+"APT versions will refuse to download data from them by default in "
+"<command>update</command> operations and even if forced to download front-"
+"ends like &apt-get; will require explicit confirmation if an installation "
+"request includes a package from such an unauthenticated archive."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><para>
 #: apt-secure.8.xml
 msgid ""
-"In the future APT will refuse to work with unauthenticated repositories by "
-"default until support for them is removed entirely. Users have the option to "
-"opt-in to this behavior already by setting the configuration option "
-"<option>Acquire::AllowInsecureRepositories</option> to <literal>false</"
-"literal>."
+"As a temporary exception &apt-get; (not &apt;!) raises warnings only if it "
+"encounters unauthenticated archives to give a slightly longer grace period "
+"on this backward compatibility effecting change. This exception will be "
+"removed in future releases and you can opt-out of this grace period by "
+"setting the configuration option <option>Binary::apt-get::Acquire::"
+"AllowInsecureRepositories</option> to <literal>false</literal> or <option>--"
+"no-allow-insecure-repositories</option> on the command line."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para>
+#: apt-secure.8.xml
+msgid ""
+"You can force all APT clients to raise only warnings by setting the "
+"configuration option <option>Acquire::AllowInsecureRepositories</option> to "
+"<literal>true</literal>. Individual repositories can also be allowed to be "
+"insecure via the &sources-list; option <literal>allow-insecure=yes</"
+"literal>.  Note that insecure repositories are strongly discouraged and all "
+"options to force apt to continue supporting them will eventually be "
+"removed.  Users also have the <option>Trusted</option> option available to "
+"disable even the warnings, but be sure to understand the implications as "
+"detailed in &sources-list;."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para>
+#: apt-secure.8.xml
+msgid ""
+"A repository which previously was authentication but would loose this state "
+"in an <command>update</command> operation raises an error in all APT clients "
+"irrespective of the option to allow or forbid usage of insecure "
+"repositories.  The error can be overcome by additionally setting "
+"<option>Acquire::AllowDowngradeToInsecureRepositories</option> to "
+"<literal>true</literal> or for Individual repositories with the &sources-"
+"list; option <literal>allow-downgrade-to-insecure=yes</literal>."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><para>
@@ -3177,14 +3208,17 @@ msgstr ""
 #: apt.conf.5.xml
 msgid ""
 "<literal>Acquire::http::Proxy-Auto-Detect</literal> can be used to specify "
-"an external command to discover the http proxy to use. Apt expects the "
-"command to output the proxy on stdout in the style <literal>http://proxy:"
-"port/</literal>. This will override the generic <literal>Acquire::http::"
-"Proxy</literal> but not any specific host proxy configuration set via "
-"<literal>Acquire::http::Proxy::$HOST</literal>.  See the &squid-deb-proxy-"
-"client; package for an example implementation that uses avahi. This option "
-"takes precedence over the legacy option name <literal>ProxyAutoDetect</"
-"literal>."
+"an external command to discover the http proxy to use. The first and only "
+"parameter is an URI denoting the host to be contacted to allow for host-"
+"specific configuration. APT expects the command to output the proxy on "
+"stdout as a single line in the style <literal>http://proxy:port/</literal> "
+"or the word <literal>DIRECT</literal> if no proxy should be used. No output "
+"indicates that the generic proxy settings should be used.  Note that auto-"
+"detection will not be used for a host if a host-specific proxy configuration "
+"is already set via <literal>Acquire::http::Proxy::<replaceable>HOST</"
+"replaceable></literal>.  See the &squid-deb-proxy-client; package for an "
+"example implementation that uses avahi.  This option takes precedence over "
+"the legacy option name <literal>ProxyAutoDetect</literal>."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
@@ -3457,21 +3491,30 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: apt.conf.5.xml
 msgid ""
-"Allow the update operation to load data files from a repository without a "
-"trusted signature. If enabled this option no data files will be loaded and "
-"the update operation fails with a error for this source. The default is "
-"false for backward compatibility. This will be changed in the future."
+"Allow update operations to load data files from repositories without "
+"sufficient security information.  The default value is \"<literal>false</"
+"literal>\".  Concept, implications as well as alternatives are detailed in "
+"&apt-secure;."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: apt.conf.5.xml
+msgid ""
+"Allow update operations to load data files from repositories which provide "
+"security information, but these are deemed no longer cryptographically "
+"strong enough.  The default value is \"<literal>false</literal>\".  Concept, "
+"implications as well as alternatives are detailed in &apt-secure;."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: apt.conf.5.xml
 msgid ""
 "Allow that a repository that was previously gpg signed to become unsigned "
-"durign a update operation. When there is no valid signature of a previously "
-"trusted repository apt will refuse the update. This option can be used to "
-"override this protection. You almost certainly never want to enable this. "
-"The default is false.  Note that apt will still consider packages from this "
-"source untrusted and warn about them if you try to install them."
+"during an update operation. When there is no valid signature for a "
+"previously trusted repository apt will refuse the update. This option can be "
+"used to override this protection. You almost certainly never want to enable "
+"this. The default is <literal>false</literal>.  Concept, implications as "
+"well as alternatives are detailed in &apt-secure;."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><term>
@@ -5943,6 +5986,17 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><para><itemizedlist><listitem><para>
 #: sources.list.5.xml
 msgid ""
+"<option>Allow-Insecure</option> (<option>allow-insecure</option>), "
+"<option>Allow-Weak</option> (<option>allow-weak</option>) and <option>Allow-"
+"Downgrade-To-Insecure</option> (<option>allow-downgrade-to-insecure</"
+"option>)  are boolean values which all default to <literal>no</literal>.  If "
+"set to <literal>yes</literal> they circumvent parts of &apt-secure; and "
+"should therefore not be used lightly!"
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para><itemizedlist><listitem><para>
+#: sources.list.5.xml
+msgid ""
 "<option>Trusted</option> (<option>trusted</option>)  is a tri-state value "
 "which defaults to APT deciding if a source is considered trusted or if "
 "warnings should be raised before e.g.  packages are installed from this "
diff --git a/doc/sources.list.5.xml b/doc/sources.list.5.xml
index a67b50ecf..e6d82b1e7 100644
--- a/doc/sources.list.5.xml
+++ b/doc/sources.list.5.xml
@@ -14,7 +14,7 @@
    &apt-email;
    &apt-product;
    <!-- The last update date -->
-   <date>2016-05-11T00:00:00Z</date>
+   <date>2016-06-20T00:00:00Z</date>
  </refentryinfo>
  
  <refmeta>