+ <refsect1><title>The deb and deb-src types: Options</title>
+ <para>Each source entry can have options specified modifying which and how
+ the source is accessed and data acquired from it. Format, syntax and names
+ of the options varies between the two formats one line and deb822 style
+ as described, but they have both the same options available. For simplicity
+ we list the deb822 fieldname and provide the one line name in brackets.
+ Remember that beside setting multivalue options explicitly, there is also
+ the option to modify them based on the default, but we aren't listing those
+ names explicitly here. Unsupported options are silently ignored by all
+ APT versions.
+
+ <itemizedlist>
+ <listitem><para><option>Architectures</option>
+ (<option>arch</option>) is a multivalue option defining for
+ which architectures information should be downloaded. If this
+ option isn't set the default is all architectures as defined by
+ the <option>APT::Architectures</option> config option.
+ </para></listitem>
+
+ <listitem><para><option>Languages</option>
+ (<option>lang</option>) is a multivalue option defining for
+ which languages information like translated package
+ descriptions should be downloaded. If this option isn't set
+ the default is all languages as defined by the
+ <option>Acquire::Languages</option> config option.
+ </para></listitem>
+
+ <listitem><para><option>Targets</option>
+ (<option>target</option>) is a multivalue option defining
+ which download targets apt will try to acquire from this
+ source. If not specified, the default set is defined by the
+ <option>Acquire::IndexTargets</option> configuration scope.
+ Aditionally, specific targets can be enabled or disabled by
+ using the identifier as field name instead of using this
+ multivalue option.
+ </para></listitem>
+
+ <listitem><para><option>PDiffs</option> (<option>pdiffs</option>)
+ is a yes/no value which controls if APT should try to use PDiffs
+ to update old indexes instead of downloading the new indexes
+ entirely. The value of this option is ignored if the repository
+ doesn't announce the availability of PDiffs. Defaults to the
+ value of the option with the same name for a specific index file
+ defined in the <option>Acquire::IndexTargets</option> scope,
+ which itself default to the value of configuration option
+ <option>Acquire::PDiffs</option> which defaults to
+ <literal>yes</literal>.
+ </para></listitem>
+
+ <listitem><para><option>By-Hash</option> (<option>by-hash</option>)
+ can have the value "yes", "no" or "force" and controls if APT
+ should try to acquire indexes via an URI constructed from a
+ hashsum of the expected file instead of using the well-known
+ stable filename of the index. Using this can avoid hashsum
+ mismatches, but requires a supporting mirror. The value
+ "yes"/"no" activates/disables the use of this feature if this
+ source indicates support for it, while "force" will enable the
+ feature regardless of what the source indicates.
+ Defaults to the value of the option of the same name for a
+ specific index file defined in the
+ <option>Acquire::IndexTargets</option> scope, which itself
+ defaults to the value of configuration option
+ <option>Acquire::By-Hash</option> which defaults to
+ <literal>yes</literal>.
+ </para></listitem>
+
+ </itemizedlist>
+
+ Further more, there are options which if set effect
+ <emphasis>all</emphasis> sources with the same URI and Suite, so they
+ have to be set on all such entries and can not be varied between
+ different components. APT will try to detect and error out on such
+ anomalies.
+
+ <itemizedlist>
+ <listitem><para><option>Trusted</option> (<option>trusted</option>)
+ is a tri-state value which defaults to APT deciding if a source
+ is considered trusted or if warnings should be raised before e.g.
+ packages are installed from this source. This option can be used
+ to override this decision either with the value <literal>yes</literal>,
+ which lets APT consider this source always as a trusted source
+ even if it has no or fails authentication checks by disabling parts
+ of &apt-secure; and should therefore only be used in a local and trusted
+ context (if at all) as otherwise security is breached. The opposite
+ can be achieved with the value no, which causes the source to be handled
+ as untrusted even if the authentication checks passed successfully.
+ The default value can't be set explicitly.
+ </para></listitem>
+
+ <listitem><para><option>Signed-By</option> (<option>signed-by</option>)
+ is either an absolute path to a keyring file (has to be
+ accessible and readable for the <literal>_apt</literal> user,
+ so ensure everyone has read-permissions on the file) or a
+ fingerprint of a key in either the
+ <filename>trusted.gpg</filename> keyring or in one of the
+ keyrings in the <filename>trusted.gpg.d/</filename> directory
+ (see <command>apt-key fingerprint</command>). If the option is
+ set only the key(s) in this keyring or only the key with this
+ fingerprint is used for the &apt-secure; verification of this
+ repository. Otherwise all keys in the trusted keyrings are
+ considered valid signers for this repository.
+ </para></listitem>
+
+ <listitem><para><option>Check-Valid-Until</option> (<option>check-valid-until</option>)
+ is a yes/no value which controls if APT should try to detect
+ replay attacks. A repository creator can declare until then the
+ data provided in the repository should be considered valid and
+ if this time is reached, but no new data is provided the data
+ is considered expired and an error is raised. Beside
+ increasing security as a malicious attacker can't sent old data
+ forever denying a user to be able to upgrade to a new version,
+ this also helps users identify mirrors which are no longer
+ updated. Some repositories like historic archives aren't
+ updated anymore by design through, so this check can be
+ disabled by setting this option to <literal>no</literal>.
+ Defaults to the value of configuration option
+ <option>Acquire::Check-Valid-Until</option> which itself
+ defaults to <literal>yes</literal>.
+ </para></listitem>
+
+ <listitem><para><option>Valid-Until-Min</option>
+ (<option>valid-until-min</option>) and
+ <option>Valid-Until-Max</option>
+ (<option>valid-until-max</option>) can be used to raise or
+ lower the time period in seconds in which the data from this
+ repository is considered valid. -Max can be especially useful
+ if the repository provides no Valid-Until field on its Release
+ file to set your own value, while -Min can be used to increase
+ the valid time on seldom updated (local) mirrors of a more
+ frequently updated but less accessible archive (which is in the
+ sources.list as well) instead of disabling the check entirely.
+ Default to the value of the configuration options
+ <option>Acquire::Min-ValidTime</option> and
+ <option>Acquire::Max-ValidTime</option> which are both unset by
+ default.
+ </para></listitem>
+
+ </itemizedlist>
+
+ </para>