Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=2.9.1 2023-06-27T17:21:47Z 2023-06-27T17:21:47Z Julian Andres Klode julian.klode@canonical.com 2023-06-27T17:14:43Z urn:sha1:aba813975abb880f8b27d659147f7760c02f99e7 We want to gently steer users towards having Signed-By for each source such that we can retire a shared keyring across sources which improves resilience against configuration issues and incompetent malicious actors. 2023-02-27T13:01:52Z Julian Andres Klode julian.klode@canonical.com 2023-02-27T13:01:27Z urn:sha1:0899b69b2b613f8b28e270f49d8a2fd23cbfbd77 This test did not work with umask 0002 2023-02-04T16:56:41Z David Kalnischkies david@kalnischkies.de 2023-01-29T22:24:43Z urn:sha1:9712edf6151308148518058bfbd5ccd937509143 In an ideal world everyone would read release notes, but if the last sources.list change is any indication a lot of people wont. This is even more a problem in so far as apt isn't producing errors for invalid repositories, but instead carries on as normal even through it will not be able to install upgrades for the moved packages. This commit implements two scenarios and prints a notice in those cases pointing to the release notes: a) User has 'non-free' but not 'non-free-firmware' b) User has a firmware package which isn't available from anywhere Both only happen if we are talking about a repository which identifies itself as one of Debian and is for a release codenamed bookworm (or sid). Note that as (usually) apt/oldstable is used to upgrade to the new stable release these suggestions only show for users after they have upgraded to bookworm on apt command line usage after that. 2017-07-26T17:09:04Z David Kalnischkies david@kalnischkies.de 2017-07-14T15:07:22Z urn:sha1:8580574ec63fedd39a3ab3b9f0025e08eae5f620 The feature exists for a long while even if we get around to document it properly only now, so we should push for its adoption a bit to avoid the problems its supposed to solve like avoiding usage of non-world readable configuration files as they can cause strange behaviour for the unsuspecting user (like different solutions as root and non-root). 2017-07-26T17:09:04Z David Kalnischkies david@kalnischkies.de 2017-07-14T11:49:33Z urn:sha1:054243fd0febfef5f1ba89f61eed0e6a34c6a25f We detect the effected sources by matching Release info – that has potential by-catch of repositories which have incorrect field values, but those are better fixed now anyhow. The bigger incorrectness is that this message will not only be printed for the Debian services itself but also for all mirrors not under Debian control but serving Debian like more local/private mirrors which will not (directly) shutdown. It is likely through that many of them will follow suite with less visible announcements or break downright if their upstream source disappears, so having false-positives here seems benefitial for the user in the end.