[00:00] <stgraber> but if you strip the gpg signature from archive.u.c or security.u.c, it'll complain (or even skip/ignore the archive entirely, not sure)
[00:01] <penguin42> stgraber: Would it do it if the machine had a fresh install of ubuntu and had never consulted security. before?
[00:02] <stgraber> penguin42: IIRC a default live install has archive.u.c and security.u.c lists in /var/lib/apt so yes, it'd complain
[00:03] <stgraber> penguin42: netinstall may be a bit different though, I don't think I ever tried it to be honnest (d-i may have a specific check for that)
[00:05] <elmo> I'm pretty sure we fixed the downgrade case a few years back, but I can't find a useful LP reference, the bug in the apt changelog is wrong
[00:06] <elmo> but it'd be pretty easy for someone to verify independently...
[00:39] <cjwatson> penguin42: the installer contains prefetched valid signatures for archive/security Release files
[00:40] <cjwatson> penguin42: it forces those into place right from the start to prevent unsigned-archive attacks for those archives
[00:40] <penguin42> sounds safe then
[00:42] <cjwatson> I'm not at all convinced by that blog - there are definitely design constraints that prevent that attack and I've personally seen them tripping when network errors result in Packages checksums not matching what's in Release
[00:44] <penguin42> seems an odd thing for him to post if it doesn't work
[00:47] <cjwatson> perhaps something else had gone wrong first; hard to say
[00:48] <cjwatson> having nuked /var/lib/apt/lists/ for some reason and then recreated it could do it, for instance
[01:19] <infinity> cjwatson: I'll note that his screenshots conspicuously omit the parts where apt would normally complain about unsigned/broken files.
[02:30] <bbrelin> Hello all.
[02:30] <bbrelin> anybody alive on this channel?
[02:31] <solid_liq> nope, only zombies are allowed here
[02:31] <solid_liq> so, if you're alive, go away!!!    woooOOOooooOOo  aaaaAAaaaAAaAHHHH!!!
[02:31] <solid_liq> ;)
[02:39] <bbrelin> LOL.  Is there a kernel issue in 11.10 with the wireless device and Toshiba Satellite Pro laptops?
[02:39] <bbrelin> I've got a Toshiba and when I upgraded to 11.10 the wireless device stopped working.
[02:40] <bbrelin> I'm hearing horrible things, like to fix this I have to install Windows XP to turn on FN-F8,, etc. to configure the wireless device.
[02:41] <bbrelin> anybody here know?
[06:55] <goddard> why isn't the touch pad indicator standard in ubuntu can I make this suggestions some where?
[12:49] <jkprg> Hi. I want to modify linux-image-2.6 package (add an additional patch). What's the best way to do it? I assume I need to create a new package. How to name (including version) the package? I also want to protect the package it won't be updated by any standard distribution packages but only by my branch of packages. Thx
[13:13] <penguin42> jkprg: In the way that there are linux-image-3.x.x-generic and linux-image-3.x.x-virtual you could have a linux-image-3.x.x-jkprg
[13:13] <penguin42> or 2.6 in your case
[13:15] <jkprg> penguin42: I see. How to add "-jkprg" to my package name that I would derived from standard one? Is there any variable in kernel package I can modify?
[13:19] <penguin42> now that I can't honestly remember, but I think I'd take a look at the package source for the kernel you want to modify and find where it adds the generic/virtual
[13:27] <jkprg> ok thx