From cbaf353ead58aa9eefe51542b6ad91e69b6289ce Mon Sep 17 00:00:00 2001
From: David Kalnischkies <david@kalnischkies.de>
Date: Wed, 28 Jun 2017 12:57:51 +0200
Subject: fail instead of warn on insecure repositories in apt-get

The exception was made to give (script) users a one-release grace period
to adapt their setup to deal with apt enforcing signing of repositories.
As we are now at the start of a new release cycle its as good a time as
any to lift it now.

Removes-Exception: 952ee63b0af14a534c0aca00c11d1a99be6b22b2
---
 debian/NEWS | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'debian')

diff --git a/debian/NEWS b/debian/NEWS
index bff3621bc..00cb9be46 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,17 @@
+apt (1.5~) UNRELEASED; urgency=medium
+
+  The security exception for apt-get to only raise warnings if it encounters
+  unauthenticated repositories in the "update" command is gone now, so that it
+  will raise errors just like apt and all other apt-based front-ends do since
+  at least apt version 1.3.
+
+  It is possible (but STRONGLY ADVISED AGAINST) to revert to the previous
+  behaviour of apt-get by setting the option
+    Binary::apt-get::Acquire::AllowInsecureRepositories "true";
+  See apt-secure(8) manpage for configuration details.
+
+ -- David Kalnischkies <donkult@debian.org>  Wed, 28 Jun 2017 12:37:12 +0200
+
 apt (1.4.2) unstable; urgency=medium
 
   If periodic updates and unattended upgrades are enabled, the start of
-- 
cgit v1.2.3