SLUG Mailing List Archives
Re: [SLUG] Further to the deadly authentication.
- Subject: Re: [SLUG] Further to the deadly authentication.
- From: "Martin Visser" <martinvisser99@xxxxxxxxx>
- Date: Thu, 22 May 2008 15:54:20 +1000
- Cc: SLUG <slug@xxxxxxxxxxx>
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=5AbxrI7kV1HqHAhq9z7sjncu5x6f8dHJi1EvQSpxMuI=; b=gUrJAnCdmeUnSyKHTBx1yhODNzLDOOPlNo9jtkKlGBNaWZcjnbaLie/G137J4x4gZkf4XURulVDM3mMs4xd5ENlIUGaC3bGsHgiSUWENPbmFTKG2OiUkp3GB4SJnCDLapXjtPygM8rVTBAsivBpbRqfDULaVu8LjdgKNUAlvtj8=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=M2mEsWRDfnrfTd4Y9Za5JjKFkcHhqwm7W8vbhjmULyXUlfff/5T20zRymtc75tn4Ur06vdda2Jm5mbMAUBz7c4VIftGR1kAWJaudXFFOl5zWSxIgGx7yEf+L5KZ84o+fia/vyJVKOGwE349us6pd2V68MXgzKhpZRV0Bvh7DL0k=
Yes, I have always thought that there is something broken in the
My guess is that the mirror process works alphabettically through the
tree, hence .../ubuntu/dists/<release>/main/<arch>/Packages.* gets
mirrored before .../ubuntu/pool/main/<dir>/*.deb does. Hence there is
a pretty good chance you will be trying to update packages that aren't
Maybe I have that wrong (LazyWeb please illuminate) but I still wonder
why it sometime Just Doesn't Work (TM) ;-)
On Sun, May 18, 2008 at 8:51 AM, Amos Shapira <amos.shapira@xxxxxxxxx> wrote:
> On Sun, May 18, 2008 at 8:26 AM, Erik de Castro Lopo
> <mle+slug@xxxxxxxxxxxxx> wrote:
>>> > LANG=
>>> > sudo apt-get update
>>> Well, I did, although I like to know what I'm doing. The sudo etc I
>>> understand, but what's LANG= please?
>> Did this then allow you to install the software without having to
>> install software that was un-authenticated? If so, then the update
>> grabbed the the digital signatures.
> I sometimes (not many, two or three times in a last year, most of them
> relatively recently) find unsigned packages in aptitude. I suspect
> that it happens when I "apt-get update" while the mirror is being
> I suppose that as long as you don't mess around with untrusted
> sources, and make sure that the "U" is removed when you actually
> install the package, then you are pretty safe.