X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/077cb5273b2d6f8d2193e80242cc80419d769a12..4e99adb0d3727c0ae41edc9b3f52448d0d5b7655:/debian/NEWS diff --git a/debian/NEWS b/debian/NEWS index 003258e2d..67275f6e4 100644 --- a/debian/NEWS +++ b/debian/NEWS @@ -1,19 +1,38 @@ -apt (1.2) unstable; urgency=medium +apt (1.4~beta1) unstable; urgency=medium + + Support for GPG signatures using the SHA1 or RIPE-MD/160 hash + algorithms has been disabled. Repositories using Release files + signed in such a way will stop working. This change has been made + due to security considerations, especially with regards to possible + further breakthroughs in SHA1 breaking during the lifetime + of this APT release series. + + It is possible (but STRONGLY ADVISED AGAINST) to revert to the previous + behaviour by setting the options + APT::Hashes::SHA1::Weak "yes"; + APT::Hashes::RIPE-MD/160::Weak "yes"; + Note that setting these options only affects the verification of the overall + repository signature. + + -- Julian Andres Klode Fri, 25 Nov 2016 13:19:32 +0100 + +apt (1.2~exp1) experimental; urgency=medium [ Automatic removal of debs after install ] - After packages are successfully installed by apt(1), + After packages are successfully installed by apt(8), the corresponding .deb package files will be removed from the /var/cache/apt/archives cache directory. This can be changed by setting the apt configuration option - "APT::Keep-Downloaded-Packages" to "true". E.g: + "Binary::apt::APT::Keep-Downloaded-Packages" to "true". E.g: - # echo 'APT::Keep-Downloaded-Packages "true";' \ + # echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' \ > /etc/apt/apt.conf.d/01keep-debs Please note that the behavior of apt-get is unchanged. The downloaded debs will be kept in the cache directory after they - are installed. + are installed. To enable the behavior for other tools, you can set + "APT::Keep-Downloaded-Packages" to false. [ Compressed indices ] If you use Acquire::gzipIndexes, or any other compressed index targets,