Sorry for the phone reply but Roland Clobus <rclo...@rclobus.nl> schrieb am Di., 21. Jan. 2025, 23:11:
> Hello Julian, > > On 21/01/2025 15:43, Julian Andres Klode wrote: > >> This has been sitting for almost 2 years again; the style of sources > >> apt-setup generate now triggers complaints from apt as APT recommends > >> every source have a signed-by field (and it then goes on to tell you > >> to migrate to deb822 .sources too if a missing signed-by is in a > >> .list file). > > The new version of apt (2.9.24) will now cause a FTBFS for the daily > d-i. This has been noticed already in the daily live ISO images based on > sid. > That sounds like nonsense. I've added Notices, they are only shown in interactive use in the apt(8) command which is not involved anywhere in the process, and they are not fatal either way. I have a question about timing... > This wishlist/change request has been sitting for a long time, but now a > short-term solution is enforced (at least for sid). > > I have been thinking (just to keep the daily sid-based live images > building) to temporarily add a '[trusted=yes]', which is (from a > security point of view) a nightmare, and exactly the opposite of that > what is intended by the specification of a 'signed-by' field. > That's absurd, you could just use signed-by. > With kind regards, Roland Clobus > > [1] https://jenkins.debian.net/view/live/ -> Already 2 sid-based images > are failing, the rest will fail tomorrow. > I see rsync failures there, no apt failures. >
