Tugger the SLUGger! SLUG Mailing List Archives

Re: [SLUG] Further to the deadly authentication.


Yes, I have always thought that there is something broken in the
mirror process.

My guess is that the mirror process works alphabetically through the
tree, hence .../ubuntu/dists/<release>/main/<arch>/Packages.* gets
mirrored before .../ubuntu/pool/main/<dir>/*.deb does. Hence there is
a pretty good chance you will be trying to update packages that aren't
available yet.

Maybe I have that wrong (LazyWeb please illuminate) but I still wonder
why it sometimes Just Doesn't Work (TM) ;-)

Martin

On Sun, May 18, 2008 at 8:51 AM, Amos Shapira <amos.shapira@xxxxxxxxx> wrote:
> On Sun, May 18, 2008 at 8:26 AM, Erik de Castro Lopo
> <mle+slug@xxxxxxxxxxxxx> wrote:
>>> >    LANG=
>>> >    sudo apt-get update
>>>
>>> Well, I did, although I like to know what I'm doing. The sudo etc I
>>> understand, but what's LANG= please?
>>
>> Did this then allow you to install the software without having to
>> install software that was un-authenticated? If so, then the update
>> grabbed the digital signatures.
>
> I sometimes (not many, two or three times in the last year, most of them
> relatively recently) find unsigned packages in aptitude. I suspect
> that it happens when I "apt-get update" while the mirror is being
> updated.
>
> I suppose that as long as you don't mess around with untrusted
> sources, and make sure that the "U" is removed when you actually
> install the package, then you are pretty safe.
>
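
Added example, not part of the original thread: a Python check for the inconsistency guessed at in the message above, listing packages that a mirror's Packages index names but whose .deb is not yet present under pool/. The sample index, the package names and the `parse_stanzas` / `missing_from_pool` helpers are constructed for illustration, and the mirror is assumed to be a local directory tree.

```python
import os
import re

# Constructed sample of a Packages index (two stanzas); not from a real mirror.
SAMPLE_PACKAGES = """\
Package: hello
Version: 2.2-2
Architecture: i386
Filename: pool/main/h/hello/hello_2.2-2_i386.deb
Size: 33252

Package: libexample1
Version: 1.0-1
Architecture: i386
Filename: pool/main/libe/libexample/libexample1_1.0-1_i386.deb
Size: 1024
"""

def parse_stanzas(text):
    """Yield each Packages stanza as a dict of field name -> value."""
    for block in re.split(r"\n\s*\n", text.strip()):
        fields, key = {}, None
        for line in block.splitlines():
            if line[:1] in (" ", "\t") and key:
                # Continuation line of a multi-line field such as Description.
                fields[key] += "\n" + line.strip()
            elif ":" in line:
                key, value = line.split(":", 1)
                key = key.strip()
                fields[key] = value.strip()
        if fields:
            yield fields

def missing_from_pool(packages_text, mirror_root):
    """Return (package, filename) pairs the index lists but the mirror lacks."""
    missing = []
    for stanza in parse_stanzas(packages_text):
        filename = stanza.get("Filename")
        # Filename is relative to the archive root, e.g. pool/main/h/hello/...
        if filename and not os.path.isfile(os.path.join(mirror_root, filename)):
            missing.append((stanza.get("Package"), filename))
    return missing
```

A non-empty result right after a sync would be consistent with the index having been mirrored ahead of the pool; an empty result on a failing update points elsewhere.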