SLUG Mailing List Archives - Re: [SLUG] Further to the deadly authentication.

Subject: Re: [SLUG] Further to the deadly authentication.
From: "Martin Visser" <martinvisser99@xxxxxxxxx>
Date: Thu, 22 May 2008 15:54:20 +1000
Cc: SLUG <slug@xxxxxxxxxxx>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=5AbxrI7kV1HqHAhq9z7sjncu5x6f8dHJi1EvQSpxMuI=; b=gUrJAnCdmeUnSyKHTBx1yhODNzLDOOPlNo9jtkKlGBNaWZcjnbaLie/G137J4x4gZkf4XURulVDM3mMs4xd5ENlIUGaC3bGsHgiSUWENPbmFTKG2OiUkp3GB4SJnCDLapXjtPygM8rVTBAsivBpbRqfDULaVu8LjdgKNUAlvtj8=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=M2mEsWRDfnrfTd4Y9Za5JjKFkcHhqwm7W8vbhjmULyXUlfff/5T20zRymtc75tn4Ur06vdda2Jm5mbMAUBz7c4VIftGR1kAWJaudXFFOl5zWSxIgGx7yEf+L5KZ84o+fia/vyJVKOGwE349us6pd2V68MXgzKhpZRV0Bvh7DL0k=

Yes, I have always thought that there is something broken in the
mirror process.

My guess is that the mirror process works alphabettically through the
tree, hence .../ubuntu/dists/<release>/main/<arch>/Packages.* gets
mirrored before .../ubuntu/pool/main/<dir>/*.deb does. Hence there is
a pretty good chance you will be trying to update packages that aren't
available yet.

Maybe I have that wrong (LazyWeb please illuminate) but I still wonder
why it sometime Just Doesn't Work (TM) ;-)

Martin

On Sun, May 18, 2008 at 8:51 AM, Amos Shapira <amos.shapira@xxxxxxxxx> wrote:
> On Sun, May 18, 2008 at 8:26 AM, Erik de Castro Lopo
> <mle+slug@xxxxxxxxxxxxx> wrote:
>>> >    LANG=
>>> >    sudo apt-get update
>>>
>>> Well, I did, although I like to know what I'm doing. The sudo etc I
>>> understand, but what's LANG= please?
>>
>> Did this then allow you to install the software without having to
>> install software that was un-authenticated? If so, then the update
>> grabbed the the digital signatures.
>
> I sometimes (not many, two or three times in a last year, most of them
> relatively recently) find unsigned packages in aptitude. I suspect
> that it happens when I "apt-get update" while the mirror is being
> updated.
>
> I suppose that as long as you don't mess around with untrusted
> sources, and make sure that the "U" is removed when you actually
> install the package, then you are pretty safe.
>

Follow-Ups:
- Re: [SLUG] Further to the deadly authentication.
  - From: Mary Gardiner

References:
- [SLUG] The deadly authentication.
  - From: wbennett
- Re: [SLUG] The deadly authentication.
  - From: Erik de Castro Lopo
- Re: [SLUG] Further to the deadly authentication.
  - From: wbennett
- Re: [SLUG] Further to the deadly authentication.
  - From: Erik de Castro Lopo
- Re: [SLUG] Further to the deadly authentication.
  - From: Amos Shapira

Messages sorted by: [ date | thread ]
Prev by Date: Re: [SLUG] MythTV = Media Centre ++
Next by Date: Re: [SLUG] Further to the deadly authentication.
Previous by thread: Re: [SLUG] Further to the deadly authentication.
Next by thread: Re: [SLUG] Further to the deadly authentication.