+ to override that decision. The value <literal>yes</literal> tells APT
+ always to consider this source as trusted, even if it doesn't pass
+ authentication checks. It disables parts of &apt-secure;, and should
+ therefore only be used in a local and trusted context (if at all) as
+ otherwise security is breached. The value <literal>no</literal> does
+ the opposite, causing the source to be handled as untrusted even if
+ the authentication checks passed successfully. The default value can't
+ be set explicitly.
+ </para></listitem>
+
+ <listitem><para><option>Signed-By</option> (<option>signed-by</option>)
+ is either an absolute path to a keyring file (has to be
+ accessible and readable for the <literal>_apt</literal> user,
+ so ensure everyone has read-permissions on the file) or a
+ fingerprint of a key either in the
+ <filename>trusted.gpg</filename> keyring or in one of the
+ keyrings in the <filename>trusted.gpg.d/</filename> directory
+ (see <command>apt-key fingerprint</command>). If the option is
+ set, only the key(s) in this keyring or only the key with this
+ fingerprint is used for the &apt-secure; verification of this
+ repository. Otherwise all keys in the trusted keyrings are
+ considered valid signers for this repository.
+ </para></listitem>
+
+ <listitem><para><option>Check-Valid-Until</option> (<option>check-valid-until</option>)
+ is a yes/no value which controls if APT should try to detect
+ replay attacks. A repository creator can declare a time until
+ which the data provided in the repository should be considered valid,
+ and if this time is reached, but no new data is provided, the data
+ is considered expired and an error is raised. Besides
+ increasing security, as a malicious attacker can't send old data
+ forever to prevent a user from upgrading to a new version,
+ this also helps users identify mirrors which are no longer
+ updated. However, some repositories such as historic archives
+ are not updated any more by design, so this check can be
+ disabled by setting this option to <literal>no</literal>.
+ Defaults to the value of configuration option
+ <option>Acquire::Check-Valid-Until</option> which itself
+ defaults to <literal>yes</literal>.
+ </para></listitem>
+
+ <listitem><para><option>Valid-Until-Min</option>
+ (<option>valid-until-min</option>) and
+ <option>Valid-Until-Max</option>
+ (<option>valid-until-max</option>) can be used to raise or
+ lower the time period in seconds in which the data from this
+ repository is considered valid. -Max can be especially useful
+ if the repository provides no Valid-Until field on its Release
+ file to set your own value, while -Min can be used to increase
+ the valid time on seldom updated (local) mirrors of a more
+ frequently updated but less accessible archive (which is in the
+ sources.list as well) instead of disabling the check entirely.
+ Default to the value of the configuration options
+ <option>Acquire::Min-ValidTime</option> and
+ <option>Acquire::Max-ValidTime</option> which are both unset by
+ default.