On 04/15/12 15:31, Axel Beckert wrote:
Hi,
FOSS tech. support wrote:
I suggest, when aptitude doesn't find a package in all mirrors, it
should automatically look out in snapshot.debian.org to fetch the
package.
I don't think that's a good idea:
It circumvents the package signing as AFAIK APT and friends just look
on the signature of the package lists and hashsums, not on the
individual package signature -- that's just done before including a
package in the archive.
Additionally, if a package is not on the mirrors, but on snapshot.d.o,
it's very likely outdated and shouldn't be installed for that reason
unless explicitly wanted.
And snapshot.d.o is likely not capable of coping with the load this
would cause as it is not meant to be a mirror.
OTOH adding some user interface for explicity retrieving packages from
snapshot.d.o shouldn't hurt. But that depends a lot on the actual user
interface and is hence not likely generalised (except may be the
downloading backend).
So it'll be disabled by default.
I've found this to be problematic on desktop systems where upgrading
requires HUGE volumes of downloads and sometimes breaks the system (I
know testing is testing...), so the user may prefer not to upgrade.
Instead of directly fetching, I think links to snapshot.debian.org
should be added in source.list automatically... but by default this'll
be disabled. What do you think?
The same should be implemented in all apt implementations like
software centre (it uses APT python right?), apt-get, synaptic
etc...
If that's really the case (see discussion above), then this bug better
should be filed against APT itself and not aptitude.
Regards, Axel
I'll do so.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
