summaryrefslogtreecommitdiff
path: root/apt-pkg
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2016-03-18 14:46:24 +0100
committerDavid Kalnischkies <david@kalnischkies.de>2016-06-22 14:05:01 +0200
commit952ee63b0af14a534c0aca00c11d1a99be6b22b2 (patch)
tree098154a03b1616e00289074eda11d4bee72ead8c /apt-pkg
parentb1bdfe682054ea6fc202416968c5342d59b403b1 (diff)
forbid insecure repositories by default expect in apt-get
With this commit all APT-based clients default to refusing to work with unsigned or otherwise insufficently secured repositories. In terms of apt and apt-get this changes nothing, but it effects all tools using libapt like aptitude, synaptic or packagekit. The exception remains apt-get for stretch for now as this might break too many scripts/usecases too quickly. The documentation is updated and extended to reflect how to opt out or in on this behaviour change. Closes: 808367
Diffstat (limited to 'apt-pkg')
-rw-r--r--apt-pkg/init.cc5
1 files changed, 1 insertions, 4 deletions
diff --git a/apt-pkg/init.cc b/apt-pkg/init.cc
index a41d604d3..c77e8e2fe 100644
--- a/apt-pkg/init.cc
+++ b/apt-pkg/init.cc
@@ -86,10 +86,7 @@ bool pkgInitConfig(Configuration &Cnf)
Cnf.Set("Dir::Ignore-Files-Silently::", "\\.distUpgrade$");
// Repository security
- // FIXME: this is set to "true" for backward compatibility, once
- // jessie is out we want to change this to "false" to
- // improve security
- Cnf.CndSet("Acquire::AllowInsecureRepositories", true);
+ Cnf.CndSet("Acquire::AllowInsecureRepositories", false);
Cnf.CndSet("Acquire::AllowDowngradeToInsecureRepositories", false);
// Default cdrom mount point