On Fri, Apr 01, 2005 at 09:46:47AM +0200, Guido Guenther wrote: > On Thu, Mar 31, 2005 at 08:47:06AM -0800, Matt Zimmerman wrote: > > Release files have, and will continue to be, optional. Release.gpg is also > > optional, regardless of whether Release is present. apt-get asks for > > confirmation before installing packages from an unauthenticated source. > It's just kind of inconsistent to complain about bad signatures when > downloading the release and to complain about about unauthenticated > sources at a later stage...but as long as release files are optional > we'll have to live with that.
As long as _signed_ Release files are optional, we'll have to do it this way, and I expect that we'll never be able to require signatures. -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
