+"<option>Allow-Insecure</option> (<option>allow-insecure</option>), "
+"<option>Allow-Weak</option> (<option>allow-weak</option>) and "
+"<option>Allow-Downgrade-To-Insecure</option> "
+"(<option>allow-downgrade-to-insecure</option>) are boolean values which all "
+"default to <literal>no</literal>. If set to <literal>yes</literal> they "
+"circumvent parts of &apt-secure; and should therefore not be used lightly!"
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para><itemizedlist><listitem><para>
+#: sources.list.5.xml:1
+msgid ""
+"<option>Trusted</option> (<option>trusted</option>) is a tri-state value "
+"which defaults to APT deciding if a source is considered trusted or if "
+"warnings should be raised before e.g. packages are installed from this "
+"source. This option can be used to override that decision. The value "
+"<literal>yes</literal> tells APT always to consider this source as trusted, "
+"even if it doesn't pass authentication checks. It disables parts of "
+"&apt-secure;, and should therefore only be used in a local and trusted "
+"context (if at all) as otherwise security is breached. The value "
+"<literal>no</literal> does the opposite, causing the source to be handled as "
+"untrusted even if the authentication checks passed successfully. The default "
+"value can't be set explicitly."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para><itemizedlist><listitem><para>
+#: sources.list.5.xml:1
+msgid ""
+"<option>Signed-By</option> (<option>signed-by</option>) is either an "
+"absolute path to a keyring file (has to be accessible and readable for the "
+"<literal>_apt</literal> user, so ensure everyone has read-permissions on the "
+"file) or one or more fingerprints of keys either in the "
+"<filename>trusted.gpg</filename> keyring or in the keyrings in the "
+"<filename>trusted.gpg.d/</filename> directory (see <command>apt-key "
+"fingerprint</command>). If the option is set, only the key(s) in this "
+"keyring or only the keys with these fingerprints are used for the "
+"&apt-secure; verification of this repository. Defaults to the value of the "
+"option with the same name if set in the previously acquired "
+"<filename>Release</filename> file. Otherwise all keys in the trusted "
+"keyrings are considered valid signers for this repository."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para><itemizedlist><listitem><para>
+#: sources.list.5.xml:1
+msgid ""
+"<option>Check-Valid-Until</option> (<option>check-valid-until</option>) is "
+"a yes/no value which controls if APT should try to detect replay attacks. A "
+"repository creator can declare a time until which the data provided in the "
+"repository should be considered valid, and if this time is reached, but no "
+"new data is provided, the data is considered expired and an error is "
+"raised. Besides increasing security, as a malicious attacker can't send old "
+"data forever to prevent a user from upgrading to a new version, this also "
+"helps users identify mirrors which are no longer updated. However, some "
+"repositories such as historic archives are not updated any more by design, "
+"so this check can be disabled by setting this option to "
+"<literal>no</literal>. Defaults to the value of configuration option "
+"<option>Acquire::Check-Valid-Until</option> which itself defaults to "
+"<literal>yes</literal>."
+msgstr ""
+
+#. type: Content of: <refentry><refsect1><para><itemizedlist><listitem><para>
+#: sources.list.5.xml:1
+msgid ""
+"<option>Valid-Until-Min</option> (<option>valid-until-min</option>) and "
+"<option>Valid-Until-Max</option> (<option>valid-until-max</option>) can be "
+"used to raise or lower the time period in seconds in which the data from "
+"this repository is considered valid. -Max can be especially useful if the "
+"repository provides no Valid-Until field on its Release file to set your own "
+"value, while -Min can be used to increase the valid time on seldom updated "
+"(local) mirrors of a more frequently updated but less accessible archive "
+"(which is in the sources.list as well) instead of disabling the check "
+"entirely. Default to the value of the configuration options "
+"<option>Acquire::Min-ValidTime</option> and "
+"<option>Acquire::Max-ValidTime</option> which are both unset by default."