git.saurik.com Git - apt.git/commit - apt-pkg/acquire-item.cc

author	David Kalnischkies <david@kalnischkies.de>
	Thu, 17 Mar 2016 15:36:14 +0000 (16:36 +0100)
committer	David Kalnischkies <david@kalnischkies.de>
	Wed, 22 Jun 2016 12:05:01 +0000 (14:05 +0200)
commit	ab94dcece2465f824bea80fc9158bf9a028b2e87
tree	d4aed383e010d64ca5a689216b36ab28929c06a8	tree \| snapshot
parent	57f7fb6511fcc7c55ee7a88475d15385093c048e	commit \| diff

handle weak-security repositories as unauthenticated

APT can be forced to deal with repositories which have no security
features whatsoever, so just giving up on repositories which "just" fail
our current criteria of good security features is the wrong incentive.

Of course, repositories are better of fixing their setup to provide the
minimum of security features, but sometimes this isn't possible:
Historic repositories for example which do not change (anymore).

That also fixes problem with repositories which are marked as trusted,
but are providing only weak security features which would fail the
parsing of the Release file.

Closes: 827364

apt-pkg/acquire-item.cc		diff \| blob \| blame \| history
apt-pkg/deb/debmetaindex.cc		diff \| blob \| blame \| history
test/integration/test-apt-update-weak-hashes		diff \| blob \| blame \| history