On lun., 2010-07-05 at 22:30 +0900, Junichi Uekawa wrote: > Yeah, I am annoyed that will require some setup on the users, but I > will add configurability for the users who use malicious repositories > per se.
I have to admit I'm pretty annoyed too
>
> To really implement this thing, you need support for
>
> Ubuntu, et al. (currently broken with the recent change)
> Some way to add key for whatever extra repository, (not implemented)
> Document how you do local repositories. (currently broken with recent change)
>
Does this mean there's no way to have local, unsigned repositories at
the moment? I have a working (well, had) setup which uses BUILDRESULT as
an apt source so I can build the whole Xfce stack (or evolution one, for
that matter) in a row. That means I need to push just build packages as
build-deps, and it /is/ a valid use-case.
There's no point in authenticating the repository here, it's local,
manually (and a bit painfully) configured. I don't buy the “security”
argument, sorry.
I've tried to play with various options:
- changing PBUILDERSATISFYDEPENDSCMD to use gdebi so APTGETOPT would be
used : doesn't work
- try to force APTGETOPT=('--force-yes') : doesn't work
- try to unset PBUILDERSATISFYDEPENDSOPT : doesn't work
So I'm a bit puzzled. At the moment, what is the way to do that? If
there are none, I'm afraid it'll break quite a lot of setups. If there
are, I guess they'll need to be explained a bite more.
Cheers,
--
Yves-Alexis
signature.asc
Description: This is a digitally signed message part
