I've just stumbled across this bug. It was rather difficult to
identify. The effect (in my case) is that packages are listed as being
from an untrusted source. Seems like that might warrant more than minor
severity.
The first two lines of the update are:
Ign http://kite testing Release.gpg
Hit http://kite testing/updates Release.gpg
apt-get sends requests for both of these in the same packet and the
server (dhttpd) sends back the first only (with no file name). apt-get
assumes the data is for the second. So there is no signature for the
testing Release file and its packages are marked untrusted.
If the pipelining bug isn't worth fixing, perhaps a warning could be
given that a file couldn't be found and it's one we might care about.
Thanks!
Dave
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
