diff options
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/apt-secure.8.xml | 8 | ||||
| -rw-r--r-- | doc/apt.conf.5.xml | 16 | ||||
| -rw-r--r-- | doc/sources.list.5.xml | 8 |
3 files changed, 26 insertions, 6 deletions
diff --git a/doc/apt-secure.8.xml b/doc/apt-secure.8.xml index 2c1c192d4..79bb86a0f 100644 --- a/doc/apt-secure.8.xml +++ b/doc/apt-secure.8.xml @@ -75,7 +75,10 @@ <para> You can force all APT clients to raise only warnings by setting the configuration option <option>Acquire::AllowInsecureRepositories</option> to - <literal>true</literal>. Note that this option will eventually be removed. + <literal>true</literal>. Individual repositories can also be allowed to be insecure + via the &sources-list; option <literal>allow-insecure=yes</literal>. + Note that insecure repositories are strongly discouraged and all options + to force apt to continue supporting them will eventually be removed. Users also have the <option>Trusted</option> option available to disable even the warnings, but be sure to understand the implications as detailed in &sources-list;. @@ -87,7 +90,8 @@ irrespective of the option to allow or forbid usage of insecure repositories. The error can be overcome by additionally setting <option>Acquire::AllowDowngradeToInsecureRepositories</option> - to <literal>true</literal>. + to <literal>true</literal> or for Individual repositories with the &sources-list; + option <literal>allow-downgrade-to-insecure=yes</literal>. </para> <para> diff --git a/doc/apt.conf.5.xml b/doc/apt.conf.5.xml index 015401605..dfdd0eabf 100644 --- a/doc/apt.conf.5.xml +++ b/doc/apt.conf.5.xml @@ -653,7 +653,17 @@ APT::Compressor::rev { Allow update operations to load data files from repositories without sufficient security information. The default value is "<literal>false</literal>". - Concept and implications of this are detailed in &apt-secure;. + Concept, implications as well as alternatives are detailed in &apt-secure;. + </para></listitem> + </varlistentry> + + <varlistentry><term><option>AllowWeakRepositories</option></term> + <listitem><para> + Allow update operations to load data files from + repositories which provide security information, but these + are deemed no longer cryptographically strong enough. + The default value is "<literal>false</literal>". + Concept, implications as well as alternatives are detailed in &apt-secure;. </para></listitem> </varlistentry> @@ -664,9 +674,7 @@ APT::Compressor::rev { for a previously trusted repository apt will refuse the update. This option can be used to override this protection. You almost certainly never want to enable this. The default is <literal>false</literal>. - - Note that apt will still consider packages from this source - untrusted and warns about them if you try to install them. + Concept, implications as well as alternatives are detailed in &apt-secure;. </para></listitem> </varlistentry> diff --git a/doc/sources.list.5.xml b/doc/sources.list.5.xml index 0c93adc42..a67b50ecf 100644 --- a/doc/sources.list.5.xml +++ b/doc/sources.list.5.xml @@ -269,6 +269,14 @@ deb-src [ option1=value1 option2=value2 ] uri suite [component1] [component2] [. anomalies. <itemizedlist> + <listitem><para><option>Allow-Insecure</option> (<option>allow-insecure</option>), + <option>Allow-Weak</option> (<option>allow-weak</option>) and + <option>Allow-Downgrade-To-Insecure</option> (<option>allow-downgrade-to-insecure</option>) + are boolean values which all default to <literal>no</literal>. + If set to <literal>yes</literal> they circumvent parts of &apt-secure; + and should therefore not be used lightly! + </para></listitem> + <listitem><para><option>Trusted</option> (<option>trusted</option>) is a tri-state value which defaults to APT deciding if a source is considered trusted or if warnings should be raised before e.g. |