diff options
author | David Kalnischkies <david@kalnischkies.de> | 2016-03-18 14:46:24 +0100 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2016-06-22 14:05:01 +0200 |
commit | 952ee63b0af14a534c0aca00c11d1a99be6b22b2 (patch) | |
tree | 098154a03b1616e00289074eda11d4bee72ead8c /apt-pkg | |
parent | b1bdfe682054ea6fc202416968c5342d59b403b1 (diff) |
forbid insecure repositories by default expect in apt-get
With this commit all APT-based clients default to refusing to work with
unsigned or otherwise insufficently secured repositories. In terms of
apt and apt-get this changes nothing, but it effects all tools using
libapt like aptitude, synaptic or packagekit.
The exception remains apt-get for stretch for now as this might break
too many scripts/usecases too quickly.
The documentation is updated and extended to reflect how to opt out or
in on this behaviour change.
Closes: 808367
Diffstat (limited to 'apt-pkg')
-rw-r--r-- | apt-pkg/init.cc | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/apt-pkg/init.cc b/apt-pkg/init.cc index a41d604d3..c77e8e2fe 100644 --- a/apt-pkg/init.cc +++ b/apt-pkg/init.cc @@ -86,10 +86,7 @@ bool pkgInitConfig(Configuration &Cnf) Cnf.Set("Dir::Ignore-Files-Silently::", "\\.distUpgrade$"); // Repository security - // FIXME: this is set to "true" for backward compatibility, once - // jessie is out we want to change this to "false" to - // improve security - Cnf.CndSet("Acquire::AllowInsecureRepositories", true); + Cnf.CndSet("Acquire::AllowInsecureRepositories", false); Cnf.CndSet("Acquire::AllowDowngradeToInsecureRepositories", false); // Default cdrom mount point |