Linux News Today: APT 1.3 Debian Package Manager to Forbid Insecure Repositories by Default
The APT 1.3 development continues at a fast pace, and it looks like it has just received yet another snapshot, apt 1.3~exp3, the third one in the series, which brings more goodies to the upcoming major release of the Debian GNU/Linux package manager.
Julian Andres Klode has been the one to report on the release of APT (Advanced Package Tool) 1.3 experimental 3 build, along with the latest unstable APT 1.2.14 release, which is now available for Debian Unstable and other Debian-based operating systems, such as Ubuntu Linux.
Things are looking good for the APT 1.3 command-line package manager, and it appears that caching of file hashes has been re-implemented in the apt-ftparchive command, insecure and weak allow-options have been added to sources.list, and APT now makes sure that the file size of .deb packages is included in the hashes list.
In order to indicate insufficiency, a tag has been added to hash errors, and it looks like the error messages have been improved for insufficient hashsums. Moreover, APT 1.3 will no longer attempt to uppack the source archive if the download is skipped, and the FindFile functionality will no longer be used for external Dir::Bin commands.
Insecure repositories will be forbidden by default, except in apt-get
Another interesting change that landed for APT 1.3 is the ability to completely forbid insecure repositories by default, except in apt-get. Furthermore, the package manger will be able to handle repositories with weak security as unauthenticated. More details should be found here and here.
There are many other small improvements implemented in this third experimental build of APT 1.3, so we recommend that you take a look at the changelog for more details. In the meantime, the APT 1.2.14 package manager landed for Debian Unstable, and you can download the sources right now via our website.