Bug#907916: apt-secure: apt-secure should ignore local file: based repository not having a Release file
Package: apt
Version: 1.4.8
Severity: normal
File: apt-secure
I have a file: based repository:
deb file:/ usr/src/deb/
But apt-get update complains:
W: The repository 'file: usr/src/deb/ Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
This is excessive. A local file based repository is not dangerous to use just because it doesn't have a Release file.
Adding a release file will in no way secure it - anyone with access to change anything, can also change the Release file.
-Ariel
-- System Information:
Debian Release: 9.5
APT prefers stable
APT policy: (990, 'stable')
Architecture: i386 (x86_64)
Foreign Architectures: amd64
Kernel: Linux 4.9.110 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages apt depends on:
ii adduser 3.115
ii debian-archive-keyring 2017.5
ii gpgv 2.1.18-8~deb9u2
ii init-system-helpers 1.48
ii libapt-pkg5.0 1.4.8
ii libc6 2.24-11+deb9u3
ii libgcc1 1:6.3.0-18+deb9u1
ii libstdc++6 6.3.0-18+deb9u1
Versions of packages apt recommends:
ii gnupg 2.1.18-8~deb9u2
ii gnupg2 2.1.18-8~deb9u2
Versions of packages apt suggests:
pn apt-doc <none>
ii aptitude 0.8.7-1
ii dpkg-dev 1.18.25
ii powermgmt-base 1.31+nmu1
ii python-apt 1.4.0~beta3
ii synaptic 0.84.2
-- no debconf information
Reply to: