apt/doc/sources.list.5.xml, branch 1.3_pre1Debians commandline package managerhttps://git.kalnischkies.de/apt/atom?h=1.3_pre12016-07-07T18:39:03ZRelease 1.3~pre12016-07-07T18:39:03ZJulian Andres Klodejak@debian.org2016-07-07T18:38:00Zurn:sha1:4bdf29d39c401ac479f6486469328fa648f9feabRelease 1.3~exp32016-06-22T12:51:31ZJulian Andres Klodejak@debian.org2016-06-22T12:51:31Zurn:sha1:14e325c7e4b33e8fc6d33b99d1ffd3b934d26ed0
Quite a huge churn of new strings.
add insecure (and weak) allow-options for sources.list2016-06-22T12:05:01ZDavid Kalnischkiesdavid@kalnischkies.de2016-06-20T18:50:43Zurn:sha1:d03b947b0ce4f87d7d5cc48d4d274ab3bd0b289a
Weak had no dedicated option before and Insecure and Downgrade were both
global options, which given the effect they all have on security is
rather bad. Setting them for individual repositories only isn't great
but at least slightly better and also more consistent with other
settings for repositories.
Release 1.3~exp22016-06-11T15:25:20ZJulian Andres Klodejak@debian.org2016-06-11T15:24:13Zurn:sha1:5ff8dd6bd1c30c29a7398e339d3bdeaffe2f4489Release 1.3~exp12016-05-11T08:51:06ZJulian Andres Klodejak@debian.org2016-05-11T08:51:06Zurn:sha1:5b0577488ff60e7163fe7dc62a044329d398d726implement Identifier field for IndexTargets2016-05-08T16:15:28ZDavid Kalnischkiesdavid@kalnischkies.de2016-05-08T16:03:48Zurn:sha1:39c724b4848ef8d85c8c425f982dda85f0df1277
A frontend like apt-file is only interested in a specific set of files
and selects those easily via "Created-By". If it supports two locations
for those files through it would need to select both and a user would
need to know that implementation detail for sources.list configuration.
The "Identifier" field is hence introduced which by default has the same
value as "Created-By", but can be freely configured – especially it can
be used to give two indexes the same identifier.
support Signed-By in Release files as a sort of HPKP2016-05-01T08:50:24ZDavid Kalnischkiesdavid@kalnischkies.de2016-04-29T14:48:16Zurn:sha1:89901946f936446f439b95f1a9a85ac942ac2c92
Users have the option since apt >= 1.1 to enforce that a Release file is
signed with specific key(s) either via keyring filename or fingerprints.
This commit adds an entry with the same name and value (except that it
doesn't accept filenames for obvious reasons) to the Release file so
that the repository owner can set a default value for this setting
effecting the *next* Release file, not the current one, which provides a
functionality similar "HTTP Public Key Pinning". The pinning is in
effect as long as the (then old) Release file is considered valid, but
it is also ignored if the Release file has no Valid-Until at all.
support multiple fingerprints in signed-by2016-05-01T08:50:24ZDavid Kalnischkiesdavid@kalnischkies.de2016-04-29T08:16:42Zurn:sha1:46e00c9062d09a642973e83a334483db1f310397
A keyring file can include multiple keys, so its only fair for
transitions and such to support multiple fingerprints as well.
change debian related entities to a more explicit name2016-01-14T16:33:58ZDavid Kalnischkiesdavid@kalnischkies.de2016-01-14T15:11:28Zurn:sha1:9feb98eb0aeed775f78cb4afbf6bc0e3a90e9fed
Git-Dch: Ignore
release apt 1.12015-11-26T13:39:14ZMichael Vogtmvo@ubuntu.com2015-11-26T11:41:49Zurn:sha1:4c482ac554e1b533d98661de8585d5861d9ac562