Bug#990385: apt: allow to set Valid-Until-Min/Valid-Until-Max = 0 to ignore defaults
On Mon, 2021-06-28 at 10:20 +0200, Julian Andres Klode wrote:
> How is this different from setting Check-Valid-Until to no?
I think the difference is the following:
If one sets Check-Valid-Until it means that the Valid-Until: header i
really not checked at all.
So my use-case was about the following:
- the admin sets a ("default") maximum validity period in apt.conf,
should it be forgotten to set something in sources.list.
- that breaks, of course, for repos which have their Release file
rarely updated, e.g. local repos which are perhaps only updated on
demand, or stable, which also seems to be only updated (in terms of
Date: header) when a new point release comes out (which btw: seems
like opening the possibility for blocking/replay attacks?)
Now I can of course set:
Check-Valid-Until: no
on these repos, but that would also mean that the check is completely
gone... while I would just want to ignore my Acquire::Max-ValidTime
setting... and not if the Release file should in future perhaps get
some proper Valid-Until: header.
> And doesn't
> setting it to -1 do this already (I have not checked, but the time
> seems
> parsed as unsigned).
>
> Setting it to 0 means the same as not setting it, and hacking around
> that would be odd, also -1 is more natural anyway.
I think I had tried -1, but that didn't work.
Reply to: