From d03b947b0ce4f87d7d5cc48d4d274ab3bd0b289a Mon Sep 17 00:00:00 2001
From: David Kalnischkies <david@kalnischkies.de>
Date: Mon, 20 Jun 2016 20:50:43 +0200
Subject: add insecure (and weak) allow-options for sources.list

Weak had no dedicated option before and Insecure and Downgrade were both
global options, which given the effect they all have on security is
rather bad. Setting them for individual repositories only isn't great
but at least slightly better and also more consistent with other
settings for repositories.
---
 doc/apt-secure.8.xml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'doc/apt-secure.8.xml')

diff --git a/doc/apt-secure.8.xml b/doc/apt-secure.8.xml
index 2c1c192d4..79bb86a0f 100644
--- a/doc/apt-secure.8.xml
+++ b/doc/apt-secure.8.xml
@@ -75,7 +75,10 @@
    <para>
    You can force all APT clients to raise only warnings by setting the
    configuration option <option>Acquire::AllowInsecureRepositories</option> to
-   <literal>true</literal>. Note that this option will eventually be removed.
+   <literal>true</literal>. Individual repositories can also be allowed to be insecure
+   via the &sources-list; option <literal>allow-insecure=yes</literal>.
+   Note that insecure repositories are strongly discouraged and all options
+   to force apt to continue supporting them will eventually be removed.
    Users also have the <option>Trusted</option> option available to disable
    even the warnings, but be sure to understand the implications as detailed in
    &sources-list;.
@@ -87,7 +90,8 @@
    irrespective of the option to allow or forbid usage of insecure repositories.
    The error can be overcome by additionally setting
    <option>Acquire::AllowDowngradeToInsecureRepositories</option>
-   to <literal>true</literal>.
+   to <literal>true</literal> or for Individual repositories with the &sources-list;
+   option <literal>allow-downgrade-to-insecure=yes</literal>.
    </para>
 
    <para>
-- 
cgit v1.2.3