On Wed, Sep 16, 2009 at 3:54 PM, Russ Allbery <[email protected]> wrote: > Lee Winter <[email protected]> writes: >> Goswin von Brederlow <[email protected]> wrote: > >>> This has one minor drawback though: The combined apt repository will be >>> unsigned (you do not want to do that) or signed by a local key. > >> Why is that? > > Because the package lists from the two separate repositories are > independently signed, and since you don't have access to the signing key, > there's no way to combine them into a single package list and still have a > valid signature without changing keys. > >> Right now the client's need three entries for lenny, security, and >> volatile as if they came from separate mirrors. I would like to keep >> the repositories independent but have one "debian" section in >> sources.list. Is that not possible? > > There's a one-to-one correspondance between an entry in sources.list and > the metadata that apt expects to find in the repository, which in turn is > signed. You would have to combine the metadata in order to combine the > sources.list lines, which would then require resigning the metadata.
OK, this is where it starts to get interesting. I didn't see much more than passing references to this in the apt doc. Did I miss it or are there other docs that describe the repository structure? Should I be looking at the doc about creating packages or for creating releases? BTW, thanks for the clear/concise response. Lee Winter NP Engineering Nashua, New Hampsire -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
