+"<option>Trusted</option> (<option>trusted</option>) is a tri-state value "
+"which defaults to APT deciding if a source is considered trusted or if "
+"warnings should be raised before e.g. packages are installed from this "
+"source. This option can be used to override that decision. The value "
+"<literal>yes</literal> tells APT always to consider this source as trusted, "
+"even if it doesn't pass authentication checks. It disables parts of &apt-"
+"secure;, and should therefore only be used in a local and trusted context "
+"(if at all) as otherwise security is breached. The value <literal>no</"
+"literal> does the opposite, causing the source to be handled as untrusted "
+"even if the authentication checks passed successfully. The default value "
+"can't be set explicitly."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para><itemizedlist><listitem><para>
+#: sources.list.5.xml
+msgid ""
+"<option>Signed-By</option> (<option>signed-by</option>) is either an "
+"absolute path to a keyring file (has to be accessible and readable for the "
+"<literal>_apt</literal> user, so ensure everyone has read-permissions on the "
+"file) or a fingerprint of a key either in the <filename>trusted.gpg</"
+"filename> keyring or in one of the keyrings in the <filename>trusted.gpg.d/</"
+"filename> directory (see <command>apt-key fingerprint</command>). If the "
+"option is set, only the key(s) in this keyring or only the key with this "
+"fingerprint is used for the &apt-secure; verification of this repository. "
+"Otherwise all keys in the trusted keyrings are considered valid signers for "
+"this repository."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para><itemizedlist><listitem><para>
+#: sources.list.5.xml
+msgid ""
+"<option>Check-Valid-Until</option> (<option>check-valid-until</option>) is "
+"a yes/no value which controls if APT should try to detect replay attacks. A "
+"repository creator can declare a time until which the data provided in the "
+"repository should be considered valid, and if this time is reached, but no "
+"new data is provided, the data is considered expired and an error is "
+"raised. Besides increasing security, as a malicious attacker can't send old "
+"data forever to prevent a user from upgrading to a new version, this also "
+"helps users identify mirrors which are no longer updated. However, some "
+"repositories such as historic archives are not updated any more by design, "
+"so this check can be disabled by setting this option to <literal>no</"
+"literal>. Defaults to the value of configuration option <option>Acquire::"
+"Check-Valid-Until</option> which itself defaults to <literal>yes</literal>."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para><itemizedlist><listitem><para>
+#: sources.list.5.xml
+msgid ""
+"<option>Valid-Until-Min</option> (<option>valid-until-min</option>) and "
+"<option>Valid-Until-Max</option> (<option>valid-until-max</option>) can be "
+"used to raise or lower the time period in seconds in which the data from "
+"this repository is considered valid. -Max can be especially useful if the "
+"repository provides no Valid-Until field on its Release file to set your own "
+"value, while -Min can be used to increase the valid time on seldom updated "
+"(local) mirrors of a more frequently updated but less accessible archive "
+"(which is in the sources.list as well) instead of disabling the check "
+"entirely. Default to the value of the configuration options "
+"<option>Acquire::Min-ValidTime</option> and <option>Acquire::Max-ValidTime</"
+"option> which are both unset by default."