Cyril Brulebois:
> Patrick Schleizer <adrela...@riseup.net> (2015-03-18):
>> Hi,
>>
>> I was running:
>> sudo apt-build install ccache
>>
>> And the output contained a message:
>>
>> WARNING: The following packages cannot be authenticated!
>> ccache
>> Authentication warning overridden.
>>
>> Is this just how apt-build works or could this be a security issue due
>> to installing unauthenticated packages?
>
> It probably wouldn't happen if the source snippet added at
> installation time would be using “deb [trusted=yes]” instead of just
> “deb”. Manually editing /etc/apt/sources.list.d/apt-build.list seems
> to confirm that.
[...]

That works for me on jessie, but not on wheezy.

But... Doesn't this just silence the warning? I mean, adding '[trusted=yes]' to the local apt line is safe, sure. But the original issue was that the message 'Authentication warning overridden.' is auto generated. I.e. apt-build used apt-get in a way to ignore such warnings.

There is one line in apt-build source code that includes '-o Apt::Get::AllowUnauthenticated=true'. So if some other packages from a remote repository could not be authenticated, another 'Authentication warning overridden.' could happen?

For testing purposes, I removed the part '-o Apt::Get::AllowUnauthenticated=true' from apt-build. 'apt-build install' is still functional. I don't understand the code to say if that is a good idea. What do you think? Should that part be removed?

Cheers,
Patrick
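
Added example, not part of the original thread and not apt-build code: a shell audit that reports the two mechanisms discussed above separately, per-source `[trusted=yes]` (scoped to one repository) and the `AllowUnauthenticated` override (applies to every source). The function name, sample files, paths and mirror host are constructed for illustration.

```shell
#!/bin/sh
# Added example: list APT trust overrides found in the files given as arguments.
#   TRUSTED-LOCAL   file:/copy: source carrying trusted=yes
#   TRUSTED-REMOTE  any other source carrying trusted=yes
#   ALLOW-UNAUTH    line that turns on AllowUnauthenticated (config or command line)
audit_apt_trust() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        tolower($0) ~ /allowunauthenticated[ \t="]*(true|yes|1)/ {
            print "ALLOW-UNAUTH " FILENAME ":" FNR
            next
        }
        $1 ~ /^deb(-src)?$/ {
            lb = index($0, "["); rb = index($0, "]")
            if (lb == 0 || rb < lb) next         # no option block on this line
            n = split(substr($0, lb + 1, rb - lb - 1), opt, /[ \t]+/)
            rest = substr($0, rb + 1)
            sub(/^[ \t]+/, "", rest)
            split(rest, field, /[ \t]+/)         # field[1] is the repository URI
            for (i = 1; i <= n; i++) if (opt[i] == "trusted=yes") {
                kind = (field[1] ~ /^(file|copy):/) ? "TRUSTED-LOCAL" : "TRUSTED-REMOTE"
                print kind " " FILENAME " " field[1]
            }
        }
    ' "$@"
}

# Constructed sample input: a local source, a remote source with the same
# option, an unmodified source, an apt.conf fragment and a wrapper command.
sample=$(mktemp -d)
printf '%s\n' 'deb [trusted=yes] file:/srv/local-repo ./' > "$sample/apt-build.list"
printf '%s\n' '# mirror' \
    'deb [arch=amd64 trusted=yes] http://mirror.example.org/debian jessie main' \
    'deb http://mirror.example.org/debian jessie-updates main' > "$sample/remote.list"
printf '%s\n' 'APT::Get::AllowUnauthenticated "true";' > "$sample/99unauth.conf"
printf '%s\n' 'apt-get -o Apt::Get::AllowUnauthenticated=true install ccache' \
    > "$sample/wrapper.sh"

audit_apt_trust "$sample"/*.list "$sample/99unauth.conf" "$sample/wrapper.sh"
```

On a real system the arguments would be `/etc/apt/sources.list`, the files under `/etc/apt/sources.list.d/` and `/etc/apt/apt.conf.d/`, plus any wrapper script that calls apt-get.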