From d03b947b0ce4f87d7d5cc48d4d274ab3bd0b289a Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 20 Jun 2016 20:50:43 +0200 Subject: add insecure (and weak) allow-options for sources.list Weak had no dedicated option before and Insecure and Downgrade were both global options, which given the effect they all have on security is rather bad. Setting them for individual repositories only isn't great but at least slightly better and also more consistent with other settings for repositories. --- doc/apt.conf.5.xml | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'doc/apt.conf.5.xml') diff --git a/doc/apt.conf.5.xml b/doc/apt.conf.5.xml index 015401605..dfdd0eabf 100644 --- a/doc/apt.conf.5.xml +++ b/doc/apt.conf.5.xml @@ -653,7 +653,17 @@ APT::Compressor::rev { Allow update operations to load data files from repositories without sufficient security information. The default value is "false". - Concept and implications of this are detailed in &apt-secure;. + Concept, implications as well as alternatives are detailed in &apt-secure;. + + + + + + Allow update operations to load data files from + repositories which provide security information, but these + are deemed no longer cryptographically strong enough. + The default value is "false". + Concept, implications as well as alternatives are detailed in &apt-secure;. @@ -664,9 +674,7 @@ APT::Compressor::rev { for a previously trusted repository apt will refuse the update. This option can be used to override this protection. You almost certainly never want to enable this. The default is false. - - Note that apt will still consider packages from this source - untrusted and warns about them if you try to install them. + Concept, implications as well as alternatives are detailed in &apt-secure;. -- cgit v1.2.3