The local computer time is encoded in the GPG signature:
If you verify using ``gpg --verify``.
gpg: Signature made Fri 14 Feb 2014 09:30:32 PM CET using RSA key ID
B35FEC3C
This was taken from the latest release of apt-cacher-ng [1].
It's contingent on the release system's local time being accurate, but I
bet it's at least accurate to the nearest day, and most likely to the
minute or even second.
[1]
http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/apt-cacher-ng_0.7.25-1~bpo70+1.dsc
On 18 March 2014 13:34, Julian Andres Klode <j...@jak-linux.org> wrote:
> On Tue, Mar 18, 2014 at 1:30 PM, Malthe Borch <mbo...@gmail.com> wrote:
> > How difficult would it be to implement a pinning policy that only allowed
> > packages released up until some timestamp:
> >
> > -- /etc/apt/preferences --
> >
> > Explanation: I want a system current as of some date.
> > Package: *
> > Pin: release a=stable <= 2014-03-18T12:00:00Z
> >
> > This would be very useful in situations where you test out a staging
> system
> > and want to upgrade a production system. In this case, you'd like to
> ensure
> > that you only get the upgrades you have tested out in the staging
> > environment.
>
> Impossible. We do not know when the packages were released.
>
> --
> Julian Andres Klode - Debian Developer, Ubuntu Member
>
> See http://wiki.debian.org/JulianAndresKlode and http://jak-linux.org/.
>
--
---
Malthe Borch
mbo...@gmail.com
