+"<option>Trusted</option> (<option>trusted</option>) is a tri-state value "
+"which defaults to APT deciding if a source is considered trusted or if "
+"warnings should be raised before e.g. packages are installed from this "
+"source. This option can be used to override this decision either with the "
+"value <literal>yes</literal>, which lets APT consider this source always as "
+"a trusted source even if it has no or fails authentication checks by "
+"disabling parts of &apt-secure; and should therefore only be used in a local "
+"and trusted context (if at all) as otherwise security is breached. The "
+"opposite can be achieved with the value no, which causes the source to be "
+"handled as untrusted even if the authentication checks passed successfully. "
+"The default value can't be set explicitly."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para><itemizedlist><listitem><para>
+#: sources.list.5.xml:1
+msgid ""
+"<option>Signed-By</option> (<option>signed-by</option>) is either an "
+"absolute path to a keyring file (has to be accessible and readable for the "
+"<literal>_apt</literal> user, so ensure everyone has read-permissions on the "
+"file) or a fingerprint of a key in either the "
+"<filename>trusted.gpg</filename> keyring or in one of the keyrings in the "
+"<filename>trusted.gpg.d/</filename> directory (see <command>apt-key "
+"fingerprint</command>). If the option is set only the key(s) in this keyring "
+"or only the key with this fingerprint is used for the &apt-secure; "
+"verification of this repository. Otherwise all keys in the trusted keyrings "
+"are considered valid signers for this repository."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para><itemizedlist><listitem><para>
+#: sources.list.5.xml:1
+msgid ""
+"<option>Check-Valid-Until</option> (<option>check-valid-until</option>) is "
+"a yes/no value which controls if APT should try to detect replay attacks. A "
+"repository creator can declare until then the data provided in the "
+"repository should be considered valid and if this time is reached, but no "
+"new data is provided the data is considered expired and an error is raised. "
+"Beside increasing security as a malicious attacker can't sent old data "
+"forever denying a user to be able to upgrade to a new version, this also "
+"helps users identify mirrors which are no longer updated. Some repositories "
+"like historic archives aren't updated anymore by design through, so this "
+"check can be disabled by setting this option to <literal>no</literal>. "
+"Defaults to the value of configuration option "
+"<option>Acquire::Check-Valid-Until</option> which itself defaults to "
+"<literal>yes</literal>."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para><itemizedlist><listitem><para>
+#: sources.list.5.xml:1
+msgid ""
+"<option>Valid-Until-Min</option> (<option>valid-until-min</option>) and "
+"<option>Valid-Until-Max</option> (<option>valid-until-max</option>) can be "
+"used to raise or lower the time period in seconds in which the data from "
+"this repository is considered valid. -Max can be especially useful if the "
+"repository provides no Valid-Until field on its Release file to set your own "
+"value, while -Min can be used to increase the valid time on seldom updated "
+"(local) mirrors of a more frequently updated but less accessible archive "
+"(which is in the sources.list as well) instead of disabling the check "
+"entirely. Default to the value of the configuration options "
+"<option>Acquire::Min-ValidTime</option> and "
+"<option>Acquire::Max-ValidTime</option> which are both unset by default."
projects / apt.git / blobdiff