From 952ee63b0af14a534c0aca00c11d1a99be6b22b2 Mon Sep 17 00:00:00 2001
From: David Kalnischkies
Date: Fri, 18 Mar 2016 14:46:24 +0100
Subject: forbid insecure repositories by default except in apt-get

With this commit all APT-based clients default to refusing to work with unsigned or otherwise insufficiently secured repositories. In terms of apt and apt-get this changes nothing, but it affects all tools using libapt like aptitude, synaptic or packagekit.

The exception remains apt-get for stretch for now as this might break too many scripts/use cases too quickly.

The documentation is updated and extended to reflect how to opt out or in on this behaviour change.

Closes: 808367
---
 doc/apt.conf.5.xml | 29 +++++++++++++----------------
 1 file changed, 13 insertions(+), 16 deletions(-)

(limited to 'doc/apt.conf.5.xml')

diff --git a/doc/apt.conf.5.xml b/doc/apt.conf.5.xml
index d71f99c0a..015401605 100644
--- a/doc/apt.conf.5.xml
+++ b/doc/apt.conf.5.xml
@@ -650,27 +650,24 @@ APT::Compressor::rev { - Allow the update operation to load data files from - a repository without a trusted signature. If enabled this - option no data files will be loaded and the update - operation fails with a error for this source. The default - is false for backward compatibility. This will be changed - in the future. + Allow update operations to load data files from + repositories without sufficient security information. + The default value is "false". + Concept and implications of this are detailed in &apt-secure;. - Allow that a repository that was previously gpg signed to become - unsigned durign a update operation. When there is no valid signature - of a previously trusted repository apt will refuse the update. This - option can be used to override this protection. You almost certainly - never want to enable this. The default is false. - - Note that apt will still consider packages from this source - untrusted and warn about them if you try to install - them. - + Allow that a repository that was previously gpg signed to become + unsigned during an update operation. When there is no valid signature + for a previously trusted repository apt will refuse the update. This + option can be used to override this protection. You almost certainly + never want to enable this. The default is false. + + Note that apt will still consider packages from this source + untrusted and warns about them if you try to install them. + scope -- cgit v1.2.3
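Review bot: The rewritten first paragraph states 'The default value is "false"' without qualification, while the commit message says apt-get remains the exception for stretch, so this entry does not tell apt-get users what behaviour they actually get. Either mention the apt-get exception here or make sure the referenced &apt-secure; text covers it explicitly. The new wording also drops the old statement that the update operation fails with an error for the affected source and replaces "without a trusted signature" with the vaguer "without sufficient security information"; one sentence on what happens when the option is left at false would keep the entry usable without following the cross-reference. In the second paragraph, "untrusted and warns about them" should stay "warn" to agree with "will still consider", and "Allow that a repository that was previously gpg signed to become unsigned" still reads awkwardly; "Allow a repository that was previously gpg signed to become unsigned during an update operation" is cleaner.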