* New upstream release:
- Add support for repository fingerprints, and retrieve them from
openprinting.org when available.
- Allow binary drivers if they have a valid GPG fingerprint on a trusted
https:// site. This is a lot weaker than our usual archive trust chain,
but as it's very hard to get a chain of trust to printer driver vendors,
relying on good SSL certificates is the next best step, and still much
better than what the average user does when searching and downloading a
driver by himself.
- Add API for retrieving and installing a GPG key based on a fingerprint.
- Merge add_repository() into install_package(), which is much more
practical for verifying whether a package in a new repository ist
trustworthy.
* jockey/oslib.py, tests/oslib.py: Update for merged add_repository(), and
implement GPG retrieval and repository trust checking. This now provides
secure binary third-party drivers. (LP: #604698)
* tests/oslib.py, test_ubuntu_package_header_modaliases(): Fix typo in
regular expression which didn't catch "fglrx" before.
* data/handlers/fglrx.py, data/handlers/nvidia.py: Disable these two
handlers in a live system environment (if /rofs exists). We will most
likely run out of RAM trying to download, build, and install all the
packages in the RAM disk. (LP: #685017)
-- Martin Pitt <email address hidden> Thu, 06 Jan 2011 19:13:24 +0100
This bug was fixed in the package jockey - 0.7-0ubuntu1
---------------
jockey (0.7-0ubuntu1) natty; urgency=low
* New upstream release: ing.org when available. package_ header_ modaliases( ): Fix typo in fglrx.py, data/handlers/ nvidia. py: Disable these two
- Add support for repository fingerprints, and retrieve them from
openprint
- Allow binary drivers if they have a valid GPG fingerprint on a trusted
https:// site. This is a lot weaker than our usual archive trust chain,
but as it's very hard to get a chain of trust to printer driver vendors,
relying on good SSL certificates is the next best step, and still much
better than what the average user does when searching and downloading a
driver by himself.
- Add API for retrieving and installing a GPG key based on a fingerprint.
- Merge add_repository() into install_package(), which is much more
practical for verifying whether a package in a new repository ist
trustworthy.
* jockey/oslib.py, tests/oslib.py: Update for merged add_repository(), and
implement GPG retrieval and repository trust checking. This now provides
secure binary third-party drivers. (LP: #604698)
* tests/oslib.py, test_ubuntu_
regular expression which didn't catch "fglrx" before.
* data/handlers/
handlers in a live system environment (if /rofs exists). We will most
likely run out of RAM trying to download, build, and install all the
packages in the RAM disk. (LP: #685017)
-- Martin Pitt <email address hidden> Thu, 06 Jan 2011 19:13:24 +0100