]> git.saurik.com Git - apt.git/commit
handle weak-security repositories as unauthenticated
authorDavid Kalnischkies <david@kalnischkies.de>
Thu, 17 Mar 2016 15:36:14 +0000 (16:36 +0100)
committerDavid Kalnischkies <david@kalnischkies.de>
Wed, 22 Jun 2016 12:05:01 +0000 (14:05 +0200)
commitab94dcece2465f824bea80fc9158bf9a028b2e87
treed4aed383e010d64ca5a689216b36ab28929c06a8
parent57f7fb6511fcc7c55ee7a88475d15385093c048e
handle weak-security repositories as unauthenticated

APT can be forced to deal with repositories which have no security
features whatsoever, so just giving up on repositories which "just" fail
our current criteria of good security features is the wrong incentive.

Of course, repositories are better of fixing their setup to provide the
minimum of security features, but sometimes this isn't possible:
Historic repositories for example which do not change (anymore).

That also fixes problem with repositories which are marked as trusted,
but are providing only weak security features which would fail the
parsing of the Release file.

Closes: 827364
apt-pkg/acquire-item.cc
apt-pkg/deb/debmetaindex.cc
test/integration/test-apt-update-weak-hashes