On Sun, May 3, 2015 at 6:49 PM, Michael Gilbert <mgilb...@debian.org> wrote: > On Sat, May 2, 2015 at 1:14 PM, Sandro Tosi wrote: >>> and/or non-debian sources.list in reportbug >>> reports generated on such systems. >> >> how does a non-debian entry in sources.list look like? with debian >> mirrors and internal/organizational mirrors, the chance of false >> positive/negative is very high. > > It could be a matter of looking for packages that aren't in a Packages > file with a correct checksum specified by an InRelease file signed by > one of the Debian Archive Signing keys (using files cached in > /var/lib/apt/lists). If the cache is missing or there is something > wrong, could state that in the report instead.
a package could be only in the local cache, because superseded by a newer version, so it wont be in the Packages and thus the check will report a fail positive. It seems very fragile. also, this seems like a very corner case (a package maintain both inside and outside debian, with a clear "communication breakdown" between the 2 parties), so either Debian provides a way to retrieve the information if a package is coming from a Debian archive or not, I not inclined to introduce another heuristic in reportbug. Regards, -- Sandro Tosi (aka morph, morpheus, matrixhasu) My website: http://matrixhasu.altervista.org/ Me at Debian: http://wiki.debian.org/SandroTosi -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
