review and fix the three new apt-transport- manpages

References: https://lists.debian.org/debian-l10n-english/2018/01/msg00002.html
2 years ago · b199b73298
--- a/doc/apt-transport-http.1.xml
+++ b/doc/apt-transport-http.1.xml
@@ -35,30 +35,30 @@ most used of all transports. Note that a transport is never called directly by
 a user but used by APT tools based on user configuration.</para>
 <para>HTTP is an unencrypted transport protocol meaning that the
 whole communication with the remote server (or proxy) can be observed by a
 sufficiently capable attacker referred to commonly as man in the middle (MITM).
 Such an attacker can <emphasis>not</emphasis> modify the communication to compromise
 the security of your system through as APTs data security model is independent of the
 chosen transport method. This is explained in detail in &apt-secure;. An overview over
 sufficiently capable attacker commonly referred to as a "man in the middle" (MITM).
 However, such an attacker can <emphasis>not</emphasis> modify the communication to compromise
 the security of your system, as APT's data security model is independent of the
 chosen transport method. This is explained in detail in &apt-secure;. An overview of
 available transport methods is given in &sources-list;.</para>
 </refsect1>

 <refsect1><title>Options</title>
 <para>Various options are available to modify its behaviour which can be set in
 an &apt-conf; file ranging from proxy configuration to workaround for specific
 server insufficiencies.</para>
 <para>Various options can be set in an &apt-conf; file to modify its behavior,
 ranging from proxy configuration to workarounds for specific
 server limitations.</para>

 <refsect2><title>Proxy Configuration</title>
 <para>The environment variable <envar>http_proxy</envar> is supported for system wide configuration.
 Proxies specific to apt can be configured via the option <literal>Acquire::http::Proxy</literal>.
 Proxies specific to APT can be configured via the option <literal>Acquire::http::Proxy</literal>.
 Proxies which should be used only for certain hosts can be specified via
 <literal>Acquire::http::Proxy::<replaceable>host</replaceable></literal>. Even more finegrained control
 can be achieved via proxy autodetection detailed further below.
 can be achieved via proxy autodetection, detailed further below.
 All these options use the URI format <literal><replaceable>scheme</replaceable>://[[<replaceable>user</replaceable>][:<replaceable>pass</replaceable>]@]<replaceable>host</replaceable>[:<replaceable>port</replaceable>]/</literal>.
 Supported URI schemes are <literal>socks5h</literal> (SOCKS5 with remote DNS resolution), <literal>http</literal> and <literal>https</literal>.
 Authentification details can be supplied via &apt-authconf; instead of including it in the URI directly.</para>
 Authentication details can be supplied via &apt-authconf; instead of including it in the URI directly.</para>
 <para>The various APT configuration options support the special value <literal>DIRECT</literal> meaning that
 no proxy should be used. The environment variable <envar>no_proxy</envar> with the same propose is also supported.</para>
 <para>Further more there are three settings provided for cache control with HTTP/1.1 compliant proxy caches:
 no proxy should be used. The environment variable <envar>no_proxy</envar> is also supported for the same purpose.</para>
 <para>Furthermore, there are three settings provided for cache control with HTTP/1.1 compliant proxy caches:
 <literal>Acquire::http::No-Cache</literal> tells the proxy not to use its
 cached response under any circumstances.
 <literal>Acquire::http::Max-Age</literal> sets the allowed maximum age (in
@@ -70,8 +70,8 @@ the proxy from polluting its cache with (big) .deb files.</para>

 <refsect2><title>Automatic Proxy Configuration</title>
 <para><literal>Acquire::http::Proxy-Auto-Detect</literal> can be used to
 specify an external command to discover the http proxy to use. The first
 and only parameter is an URI denoting the host to be contacted to allow
 specify an external command to discover the HTTP proxy to use. The first
 and only parameter is a URI denoting the host to be contacted, to allow
 for host-specific configuration. APT expects the command to output the
 proxy on stdout as a single line in the previously specified URI format
 or the word <literal>DIRECT</literal> if no proxy should be used. No output
@@ -93,8 +93,8 @@ disables downloading from multiple servers at the same time.</para>
 <para>The setting <literal>Acquire::http::Pipeline-Depth</literal> can be used to
 enable HTTP pipelining (RFC 2616 section 8.1.2.2) which can be beneficial e.g. on
 high-latency connections. It specifies how many requests are sent in a pipeline.
 APT tries to detect and workaround misbehaving webservers and proxies at runtime, but
 if you know that yours does not conform to the HTTP/1.1 specification pipelining can
 APT tries to detect and work around misbehaving webservers and proxies at runtime, but
 if you know that yours does not conform to the HTTP/1.1 specification, pipelining can
 be disabled by setting the value to 0. It is enabled by default with the value 10.</para>
 <para><literal>Acquire::http::AllowRedirect</literal> controls whether APT will follow
 redirects, which is enabled by default.</para>
@@ -102,7 +102,7 @@ redirects, which is enabled by default.</para>
 User-Agent for the http download method as some proxies allow access for clients
 only if the client uses a known identifier.</para>
 <para><literal>Acquire::http::SendAccept</literal> is enabled by default and
 sends a <literal>Accept: text/*</literal> header field to the server for
 sends an <literal>Accept: text/*</literal> header field to the server for
 requests without file extensions to prevent the server from attempting content
 negotiation.</para>
 </refsect2>
--- a/doc/apt-transport-https.1.xml
+++ b/doc/apt-transport-https.1.xml
@@ -30,21 +30,21 @@

 <refsect1><title>Description</title>
 <para>This APT transport allows the use of repositories accessed via the
 HTTP Secure protocol (HTTPS) also referred to as HTTP over TLS. It is available
 by default since apt 1.5 and was before that available in a <package>apt-transport-https</package>
 package. Note that a transport is never called directly by
 HTTP Secure protocol (HTTPS), also referred to as HTTP over TLS. It is available
 by default since apt 1.5 and was available before that in the package
 <package>apt-transport-https</package>. Note that a transport is never called directly by
 a user but used by APT tools based on user configuration.</para>
 <para>HTTP is by itself an unencrypted transport protocol (compare &apt-transport-http;),
 which, as indicated by the appended S is wrapped in an encrypted layer known as
 Transport Layer Security (TLS) which provides end-to-end encryption.
 which, as indicated by the appended S, is wrapped in an encrypted layer known as
 Transport Layer Security (TLS) to provide end-to-end encryption.
 A sufficiently capable attacker can still observe the communication partners
 and deeper analyse of the encrypted communcation might still reveal important details.
 An overview over available alternative transport methods is given in &sources-list;.</para>
 </refsect1>

 <refsect1><title>Options</title>
 <para>The HTTPS protocol is based on the HTTP protocol and as such this implementation
 has the same relation meaning that all options supported by &apt-transport-http; are also
 <para>The HTTPS protocol is based on the HTTP protocol, so
 all options supported by &apt-transport-http; are also
 available via <literal>Acquire::https</literal> and will default to the same values specified
 for <literal>Acquire::http</literal>. This manpage will only document the options
 <emphasis>unique to https</emphasis>.</para>
@@ -55,26 +55,26 @@ for <literal>Acquire::http</literal>. This manpage will only document the option
 the server certificate. An alternative certificate authority (CA) can be
 configured with the <literal>Acquire::https::CAInfo</literal> option and its
 host-specific option <literal>Acquire::https::CAInfo::<replaceable>host</replaceable></literal>.
 The option specifies a file is made of the concatenation of the CA certificates
 (in PEM format) creating the chain used for the verification of the path
 from the root (self signed one). If the remote server provides the
 The CAInfo option specifies a file made up of CA certificates (in PEM format)
 concatenated together to create the chain which APT should use to verify the
 path from your self-signed root certificate. If the remote server provides the
 whole chain during the exchange, the file need only contain the root
 certificate. Otherwise, the whole chain is required. If you need to support
 multiple authorities, the only way is to concatenate everything.</para>
 <para>A custom certificate revocation list (CRL) can be configured with the options
 <literal>Acquire::https::CRLFile</literal> and
 <literal>Acquire::https::CRLFile::<replaceable>host</replaceable></literal> respectively.
 Like the previous option a file in PEM format needs to be specified.</para>
 <literal>Acquire::https::CRLFile::<replaceable>host</replaceable></literal>.
 As with the previous option, a file in PEM format needs to be specified.</para>
 </refsect2>

 <refsect2><title>Disabling security</title>
 <para>When authenticating the server, if the certificate verification fails
 for some reason (expired, revoked, man in the middle, …), the connection fails.
 <para>During server authentication, if certificate verification fails
 for some reason (expired, revoked, man in the middle, etc.), the connection fails.
 This is obviously what you want in all cases and what the default value (true)
 of the option <literal>Acquire::https::Verify-Peer</literal> and its host-specific
 variant provides. If you know <emphasis>exactly</emphasis> what you are doing,
 setting this option to "false" allows you to skip peer certificate verification and
 make the exchange succeed. Again, this option is for debugging or testing purpose
 setting this option to "<literal>false</literal>" allows you to skip peer certificate verification and
 make the exchange succeed. Again, this option is for debugging or testing purposes
 only as it removes all security provided by the use of HTTPS.</para>
 <para>Similarly the option <literal>Acquire::https::Verify-Host</literal> and its
 host-specific variant can be used to deactivate a security feature: The certificate
@@ -83,13 +83,13 @@ DNS name used to access it. By default, as requested by RFC 2818, the name of th
 mirror is checked against the identity found in the certificate. This default behavior
 is safe and should not be changed, but if you know that the server you are using has a
 DNS name which does not match the identity in its certificate, you can set the option to
 "false", which will prevent the comparison to be done.</para>
 "<literal>false</literal>", which will prevent the comparison from being performed.</para>
 </refsect2>

 <refsect2><title>Client authentication</title>
 <para>Beside the password based authentication available (see &apt-authconf;) HTTPS supports
 authentication based on client certificates as well via <literal>Acquire::https::SSLCert</literal>
 and <literal>Acquire::https::SSLKey</literal>. They respectively should be set to the filename of
 <para>Besides supporting password-based authentication (see &apt-authconf;) HTTPS also supports
 authentication based on client certificates via <literal>Acquire::https::SSLCert</literal>
 and <literal>Acquire::https::SSLKey</literal>. These should be set respectively to the filename of
 the X.509 client certificate and the associated (unencrypted) private key, both in PEM format.
 In practice the use of the host-specific variants of both options is highly recommended.</para>
 </refsect2>
--- a/doc/apt-transport-mirror.1.xml
+++ b/doc/apt-transport-mirror.1.xml
@@ -31,44 +31,44 @@
 <refsect1><title>Description</title>
 <para>This APT transport isn't implementing a protocol to access local or remote repositories
 on its own, but acquires a mirrorlist and redirects all requests to the mirror(s) picked from
 this list access via other transports like &apt-transport-http;. The basic functionality is
 available since apt 0.7.24, but was undocumented until apt 1.6 which contained a complete
 this list, accessing them via other transports like &apt-transport-http;. The basic functionality has
 been available since apt 0.7.24, but was undocumented until apt 1.6 which contained a complete
 rework of the transport and its supported features. Note that a transport is never called directly
 by a user but used by APT tools based on user configuration.</para>
 <para>If the acquisition of a file via a mirror fails the method ensures that automatically
 another possible mirror of the list is tried until either the file is retrieved or no mirror is
 left in the list handling transparently server downtimes and similar problems.</para>
 <para>The security implications of the transport are based on the security considerations
 <para>If the acquisition of a file via a mirror fails, the method ensures that another possible mirror
 from the list is automatically tried until either the file is retrieved or no mirror is
 left in the list, transparently handling server downtimes and similar problems.</para>
 <para>The security implications of the transport depend on the security considerations
 associated with the transport used to acquire the mirrorlist and the transports involved in
 accessing the chosen mirror(s) by the transport.</para>
 </refsect1>

 <refsect1><title>Options</title>
 <para>This transport has no configuration options at present. The mirror selection is
 based entirely on the mirrors offered in the mirrorlist and the files apt needs to
 based entirely on the mirrors offered in the mirrorlist and the files APT needs to
 acquire.</para>

 <refsect2><title>Mirrorlist format</title>
 <para>A mirrorlist contains at least one line each specifying an URI for a mirror.
 Empty lines and those starting with a hash key (<literal>#</literal>) are ignored.
 An URI always starts with a URI scheme which defines the transport used for this
 mirror. If the URI e.g. starts with <literal>http:</literal> the responsible transport
 <para>A mirrorlist contains one or more lines each specifying a URI for a mirror.
 Empty lines and those starting with a hash character (<literal>#</literal>) are ignored.
 A URI always starts with a URI scheme which defines the transport used for this
 mirror. If for example the URI starts with <literal>http:</literal>, the responsible transport
 is &apt-transport-http; which might have specific requirements for the format of
 the remaining part of the URI.</para>
 <para>An URI can optionally be separated from metadata about the mirror by a tab.
 Multiple datapoints in the provided metadata can itself be separated by spaces for tabs.
 <para>Metadata about a mirror can be given on the same line, separated from the URI by a tab.
 Multiple items of metadata can themselves be separated by either tabs or spaces.
 (This is an advanced feature only available with apt >= 1.6. Earlier apt versions will
 fail to parse mirrorlists using this feature)</para>
 <para>Since apt 1.6 the usage of compressed mirrorlists is also supported.
 Note that the filename of the mirrorlist must specify the compression algorithm used,
 there is no auto-detection based on file content performed.</para>
 fail to parse mirrorlists using this feature.)</para>
 <para>Since apt 1.6 the use of compressed mirrorlists is also supported.
 Note that the filename of the mirrorlist must specify the compression algorithm used;
 there is no auto-detection based on file contents.</para>
 </refsect2>

 <refsect2><title>Mirror selection by metadata</title>
 <para>As specified in the format a mirror can have additional metadata attached to
 <para>As specified in the format, a mirror can have additional metadata attached to
 prevent a mirror from being selected for acquiring a file not matching this metadata.
 This way the mirrorlist can e.g. contain partial mirrors serving only certain
 architectures and apt will automatically choose a different mirror for files requiring
 architectures and APT will automatically choose a different mirror for files requiring
 an unlisted architecture. Supported are limits for the architecture (<literal>arch</literal>),
 codename of the release (<literal>codename</literal>), component of the repository
 the file is in (<literal>component</literal>), language the file applies to (<literal>lang</literal>),
@@ -76,18 +76,18 @@ suite name of the release (<literal>suite</literal>) and type of the file (<lite
 </refsect2>

 <refsect2><title>Fallback order for mirrors</title>
 <para>If no priority is given via the metadata key <literal>priority</literal> for a
 mirror the order in which mirrors are contacted is random. If a certain set of mirrors
 should be tried first before any of another set is tried a priority can be explicitly
 <para>If no priority is given for a mirror via the metadata key <literal>priority</literal>,
 the order in which mirrors are contacted is random. If a certain set of mirrors
 should be tried first before any of another set is tried, a priority can be explicitly
 set. The mirrors with the lowest number are tried first. Mirrors which have no explicit
 priority set default to the highest possible number and are therefore tried last. The
 choice between mirrors with the same priority is again random.</para>
 </refsect2>

 <refsect2><title>Allowed transports in a mirrorlist</title>
 <para>The availability and choice of transports in a mirrorlist is limited by how the apt
 <para>The availability and choice of transports in a mirrorlist is limited by how the APT
 client is accessing the mirrorlist. If a local transport like <literal>file</literal>
 or <literal>copy</literal> is used the mirrorlist can also include local sources while a
 or <literal>copy</literal> is used, the mirrorlist can also include local sources, while a
 mirrorlist accessed via <literal>http</literal> can not. Additionally, a mirrorlist can
 not contain a mirrorlist or other wrapping transports (like <package>apt-transport-tor</package>).
 See the documentation of these transports on how to use them with the mirror method.</para>
@@ -109,9 +109,9 @@ on your machine it can be used like this in &sources-list; (since apt 1.6):</par
 <literallayout>
 deb mirror+file:/etc/apt/mirrorlist.txt &debian-stable-codename; main
 </literallayout>
 <para>All versions of the mirror method support a mirrorlist accessible via http, so assuming
 <para>All versions of the mirror method support a mirrorlist accessible via HTTP, so assuming
 it is available at <literal>http://apt.example.org/mirror.lst</literal> the sources.list entry
 from above could be written instead as:</para>
 from above could instead be written as:</para>
 <literallayout>
 deb mirror://apt.example.org/mirror.lst &debian-stable-codename; main
 </literallayout>
@@ -120,10 +120,10 @@ be preferred over <literal>mirror</literal> for uniformity. The functionality is
 </refsect2>
 <refsect2><title>Example with metadata-enhanced mirror selection</title>
 <para>As explained in the format definition apt versions before 1.6 do not support this and
 will fail parsing the mirrorlist. The example mirrorlist is proposefully complicated to show some
 aspects of the selection. The following setup is assumed: The first mirror is local mirror
 will fail parsing the mirrorlist. The example mirrorlist is intentionally complicated to show some
 aspects of the selection. The following setup is assumed: The first mirror is a local mirror
 accessible via the file method, but potentially incomplete. The second mirror has a great
 connection, but is a partial mirror in sofar as it only contains files related
 connection, but is a partial mirror insofar as it only contains files related
 to the architectures <literal>amd64</literal> and <literal>all</literal>. The remaining mirrors
 are average mirrors which should be contacted only if the earlier ones didn't work.
 </para>
@@ -136,8 +136,8 @@ https://deb.debian.org/debian/
 </literallayout>
 <para>In this setup with this mirrorlist the first mirror will be used to download all
 index files assuming the mirrorlist itself is accessed via a local transport like
 <literal>file</literal>. If it isn't, the mirror is otherwise inaccessible or does not
 contain the requested file another mirror will be used to acquire the file, which one
 <literal>file</literal>. If it isn't, if the mirror is otherwise inaccessible or if it does not
 contain the requested file another mirror will be used to acquire the file, chosen
 depending on the type of the file: An index file will be served by the last
 mirror in the list, while a package of architecture <literal>amd64</literal> is served by
 the second and those of e.g. architecture <literal>i386</literal> by one of the last three.</para>
--- a/doc/po/apt-doc.pot
+++ b/doc/po/apt-doc.pot
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: apt-doc 1.6~alpha6\n"
 "Report-Msgid-Bugs-To: APT Development Team <deity@lists.debian.org>\n"
 "POT-Creation-Date: 2018-01-04 00:04+0100\n"
 "POT-Creation-Date: 2018-01-17 19:04+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -6976,20 +6976,20 @@ msgstr ""
 msgid ""
 "HTTP is an unencrypted transport protocol meaning that the whole "
 "communication with the remote server (or proxy) can be observed by a "
 "sufficiently capable attacker referred to commonly as man in the middle "
 "(MITM).  Such an attacker can <emphasis>not</emphasis> modify the "
 "communication to compromise the security of your system through as APTs data "
 "security model is independent of the chosen transport method. This is "
 "explained in detail in &apt-secure;. An overview over available transport "
 "sufficiently capable attacker commonly referred to as a \"man in the "
 "middle\" (MITM).  However, such an attacker can <emphasis>not</emphasis> "
 "modify the communication to compromise the security of your system, as APT's "
 "data security model is independent of the chosen transport method. This is "
 "explained in detail in &apt-secure;. An overview of available transport "
 "methods is given in &sources-list;."
 msgstr ""

 #. type: Content of: <refentry><refsect1><para>
 #: apt-transport-http.1.xml
 msgid ""
 "Various options are available to modify its behaviour which can be set in an "
 "&apt-conf; file ranging from proxy configuration to workaround for specific "
 "server insufficiencies."
 "Various options can be set in an &apt-conf; file to modify its behavior, "
 "ranging from proxy configuration to workarounds for specific server "
 "limitations."
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><title>
@@ -7001,16 +7001,16 @@ msgstr ""
 #: apt-transport-http.1.xml
 msgid ""
 "The environment variable <envar>http_proxy</envar> is supported for system "
 "wide configuration.  Proxies specific to apt can be configured via the "
 "wide configuration.  Proxies specific to APT can be configured via the "
 "option <literal>Acquire::http::Proxy</literal>.  Proxies which should be "
 "used only for certain hosts can be specified via "
 "<literal>Acquire::http::Proxy::<replaceable>host</replaceable></literal>. "
 "Even more finegrained control can be achieved via proxy autodetection "
 "Even more finegrained control can be achieved via proxy autodetection, "
 "detailed further below.  All these options use the URI format "
 "<literal><replaceable>scheme</replaceable>://[[<replaceable>user</replaceable>][:<replaceable>pass</replaceable>]@]<replaceable>host</replaceable>[:<replaceable>port</replaceable>]/</literal>.  "
 "Supported URI schemes are <literal>socks5h</literal> (SOCKS5 with remote DNS "
 "resolution), <literal>http</literal> and <literal>https</literal>.  "
 "Authentification details can be supplied via &apt-authconf; instead of "
 "Authentication details can be supplied via &apt-authconf; instead of "
 "including it in the URI directly."
 msgstr ""

@@ -7019,14 +7019,14 @@ msgstr ""
 msgid ""
 "The various APT configuration options support the special value "
 "<literal>DIRECT</literal> meaning that no proxy should be used. The "
 "environment variable <envar>no_proxy</envar> with the same propose is also "
 "supported."
 "environment variable <envar>no_proxy</envar> is also supported for the same "
 "purpose."
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><para>
 #: apt-transport-http.1.xml
 msgid ""
 "Further more there are three settings provided for cache control with "
 "Furthermore, there are three settings provided for cache control with "
 "HTTP/1.1 compliant proxy caches: <literal>Acquire::http::No-Cache</literal> "
 "tells the proxy not to use its cached response under any circumstances.  "
 "<literal>Acquire::http::Max-Age</literal> sets the allowed maximum age (in "
@@ -7045,8 +7045,8 @@ msgstr ""
 #: apt-transport-http.1.xml
 msgid ""
 "<literal>Acquire::http::Proxy-Auto-Detect</literal> can be used to specify "
 "an external command to discover the http proxy to use. The first and only "
 "parameter is an URI denoting the host to be contacted to allow for "
 "an external command to discover the HTTP proxy to use. The first and only "
 "parameter is a URI denoting the host to be contacted, to allow for "
 "host-specific configuration. APT expects the command to output the proxy on "
 "stdout as a single line in the previously specified URI format or the word "
 "<literal>DIRECT</literal> if no proxy should be used. No output indicates "
@@ -7104,9 +7104,9 @@ msgid ""
 "The setting <literal>Acquire::http::Pipeline-Depth</literal> can be used to "
 "enable HTTP pipelining (RFC 2616 section 8.1.2.2) which can be beneficial "
 "e.g. on high-latency connections. It specifies how many requests are sent in "
 "a pipeline.  APT tries to detect and workaround misbehaving webservers and "
 "a pipeline.  APT tries to detect and work around misbehaving webservers and "
 "proxies at runtime, but if you know that yours does not conform to the "
 "HTTP/1.1 specification pipelining can be disabled by setting the value to "
 "HTTP/1.1 specification, pipelining can be disabled by setting the value to "
 "0. It is enabled by default with the value 10."
 msgstr ""

@@ -7129,7 +7129,7 @@ msgstr ""
 #: apt-transport-http.1.xml
 msgid ""
 "<literal>Acquire::http::SendAccept</literal> is enabled by default and sends "
 "a <literal>Accept: text/*</literal> header field to the server for requests "
 "an <literal>Accept: text/*</literal> header field to the server for requests "
 "without file extensions to prevent the server from attempting content "
 "negotiation."
 msgstr ""
@@ -7168,19 +7168,18 @@ msgstr ""
 #: apt-transport-https.1.xml
 msgid ""
 "This APT transport allows the use of repositories accessed via the HTTP "
 "Secure protocol (HTTPS) also referred to as HTTP over TLS. It is available "
 "by default since apt 1.5 and was before that available in a "
 "<package>apt-transport-https</package> package. Note that a transport is "
 "never called directly by a user but used by APT tools based on user "
 "configuration."
 "Secure protocol (HTTPS), also referred to as HTTP over TLS. It is available "
 "by default since apt 1.5 and was available before that in the package "
 "<package>apt-transport-https</package>. Note that a transport is never "
 "called directly by a user but used by APT tools based on user configuration."
 msgstr ""

 #. type: Content of: <refentry><refsect1><para>
 #: apt-transport-https.1.xml
 msgid ""
 "HTTP is by itself an unencrypted transport protocol (compare "
 "&apt-transport-http;), which, as indicated by the appended S is wrapped in "
 "an encrypted layer known as Transport Layer Security (TLS) which provides "
 "&apt-transport-http;), which, as indicated by the appended S, is wrapped in "
 "an encrypted layer known as Transport Layer Security (TLS) to provide "
 "end-to-end encryption.  A sufficiently capable attacker can still observe "
 "the communication partners and deeper analyse of the encrypted communcation "
 "might still reveal important details.  An overview over available "
@@ -7190,9 +7189,8 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><para>
 #: apt-transport-https.1.xml
 msgid ""
 "The HTTPS protocol is based on the HTTP protocol and as such this "
 "implementation has the same relation meaning that all options supported by "
 "&apt-transport-http; are also available via "
 "The HTTPS protocol is based on the HTTP protocol, so all options supported "
 "by &apt-transport-http; are also available via "
 "<literal>Acquire::https</literal> and will default to the same values "
 "specified for <literal>Acquire::http</literal>. This manpage will only "
 "document the options <emphasis>unique to https</emphasis>."
@@ -7212,12 +7210,12 @@ msgid ""
 "configured with the <literal>Acquire::https::CAInfo</literal> option and its "
 "host-specific option "
 "<literal>Acquire::https::CAInfo::<replaceable>host</replaceable></literal>.  "
 "The option specifies a file is made of the concatenation of the CA "
 "certificates (in PEM format) creating the chain used for the verification of "
 "the path from the root (self signed one). If the remote server provides the "
 "whole chain during the exchange, the file need only contain the root "
 "certificate. Otherwise, the whole chain is required. If you need to support "
 "multiple authorities, the only way is to concatenate everything."
 "The CAInfo option specifies a file made up of CA certificates (in PEM "
 "format)  concatenated together to create the chain which APT should use to "
 "verify the path from your self-signed root certificate. If the remote server "
 "provides the whole chain during the exchange, the file need only contain the "
 "root certificate. Otherwise, the whole chain is required. If you need to "
 "support multiple authorities, the only way is to concatenate everything."
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><para>
@@ -7225,9 +7223,8 @@ msgstr ""
 msgid ""
 "A custom certificate revocation list (CRL) can be configured with the "
 "options <literal>Acquire::https::CRLFile</literal> and "
 "<literal>Acquire::https::CRLFile::<replaceable>host</replaceable></literal> "
 "respectively.  Like the previous option a file in PEM format needs to be "
 "specified."
 "<literal>Acquire::https::CRLFile::<replaceable>host</replaceable></literal>.  "
 "As with the previous option, a file in PEM format needs to be specified."
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><title>
@@ -7238,15 +7235,15 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><refsect2><para>
 #: apt-transport-https.1.xml
 msgid ""
 "When authenticating the server, if the certificate verification fails for "
 "some reason (expired, revoked, man in the middle, …), the connection fails.  "
 "During server authentication, if certificate verification fails for some "
 "reason (expired, revoked, man in the middle, etc.), the connection fails.  "
 "This is obviously what you want in all cases and what the default value "
 "(true)  of the option <literal>Acquire::https::Verify-Peer</literal> and its "
 "host-specific variant provides. If you know <emphasis>exactly</emphasis> "
 "what you are doing, setting this option to \"false\" allows you to skip peer "
 "certificate verification and make the exchange succeed. Again, this option "
 "is for debugging or testing purpose only as it removes all security provided "
 "by the use of HTTPS."
 "what you are doing, setting this option to \"<literal>false</literal>\" "
 "allows you to skip peer certificate verification and make the exchange "
 "succeed. Again, this option is for debugging or testing purposes only as it "
 "removes all security provided by the use of HTTPS."
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><para>
@@ -7259,8 +7256,9 @@ msgid ""
 "2818, the name of the mirror is checked against the identity found in the "
 "certificate. This default behavior is safe and should not be changed, but if "
 "you know that the server you are using has a DNS name which does not match "
 "the identity in its certificate, you can set the option to \"false\", which "
 "will prevent the comparison to be done."
 "the identity in its certificate, you can set the option to "
 "\"<literal>false</literal>\", which will prevent the comparison from being "
 "performed."
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><title>
@@ -7271,10 +7269,10 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><refsect2><para>
 #: apt-transport-https.1.xml
 msgid ""
 "Beside the password based authentication available (see &apt-authconf;) "
 "HTTPS supports authentication based on client certificates as well via "
 "Besides supporting password-based authentication (see &apt-authconf;) HTTPS "
 "also supports authentication based on client certificates via "
 "<literal>Acquire::https::SSLCert</literal> and "
 "<literal>Acquire::https::SSLKey</literal>. They respectively should be set "
 "<literal>Acquire::https::SSLKey</literal>. These should be set respectively "
 "to the filename of the X.509 client certificate and the associated "
 "(unencrypted) private key, both in PEM format.  In practice the use of the "
 "host-specific variants of both options is highly recommended."
@@ -7322,26 +7320,27 @@ msgstr ""
 msgid ""
 "This APT transport isn't implementing a protocol to access local or remote "
 "repositories on its own, but acquires a mirrorlist and redirects all "
 "requests to the mirror(s) picked from this list access via other transports "
 "like &apt-transport-http;. The basic functionality is available since apt "
 "0.7.24, but was undocumented until apt 1.6 which contained a complete rework "
 "of the transport and its supported features. Note that a transport is never "
 "called directly by a user but used by APT tools based on user configuration."
 "requests to the mirror(s) picked from this list, accessing them via other "
 "transports like &apt-transport-http;. The basic functionality has been "
 "available since apt 0.7.24, but was undocumented until apt 1.6 which "
 "contained a complete rework of the transport and its supported "
 "features. Note that a transport is never called directly by a user but used "
 "by APT tools based on user configuration."
 msgstr ""

 #. type: Content of: <refentry><refsect1><para>
 #: apt-transport-mirror.1.xml
 msgid ""
 "If the acquisition of a file via a mirror fails the method ensures that "
 "automatically another possible mirror of the list is tried until either the "
 "file is retrieved or no mirror is left in the list handling transparently "
 "server downtimes and similar problems."
 "If the acquisition of a file via a mirror fails, the method ensures that "
 "another possible mirror from the list is automatically tried until either "
 "the file is retrieved or no mirror is left in the list, transparently "
 "handling server downtimes and similar problems."
 msgstr ""

 #. type: Content of: <refentry><refsect1><para>
 #: apt-transport-mirror.1.xml
 msgid ""
 "The security implications of the transport are based on the security "
 "The security implications of the transport depend on the security "
 "considerations associated with the transport used to acquire the mirrorlist "
 "and the transports involved in accessing the chosen mirror(s) by the "
 "transport."
@@ -7351,7 +7350,7 @@ msgstr ""
 #: apt-transport-mirror.1.xml
 msgid ""
 "This transport has no configuration options at present. The mirror selection "
 "is based entirely on the mirrors offered in the mirrorlist and the files apt "
 "is based entirely on the mirrors offered in the mirrorlist and the files APT "
 "needs to acquire."
 msgstr ""

@@ -7363,30 +7362,31 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><refsect2><para>
 #: apt-transport-mirror.1.xml
 msgid ""
 "A mirrorlist contains at least one line each specifying an URI for a "
 "mirror.  Empty lines and those starting with a hash key "
 "(<literal>#</literal>) are ignored.  An URI always starts with a URI scheme "
 "which defines the transport used for this mirror. If the URI e.g. starts "
 "with <literal>http:</literal> the responsible transport is "
 "&apt-transport-http; which might have specific requirements for the format "
 "of the remaining part of the URI."
 "A mirrorlist contains one or more lines each specifying a URI for a mirror.  "
 "Empty lines and those starting with a hash character (<literal>#</literal>) "
 "are ignored.  A URI always starts with a URI scheme which defines the "
 "transport used for this mirror. If for example the URI starts with "
 "<literal>http:</literal>, the responsible transport is &apt-transport-http; "
 "which might have specific requirements for the format of the remaining part "
 "of the URI."
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><para>
 #: apt-transport-mirror.1.xml
 msgid ""
 "An URI can optionally be separated from metadata about the mirror by a tab.  "
 "Multiple datapoints in the provided metadata can itself be separated by "
 "spaces for tabs.  (This is an advanced feature only available with apt >= "
 "1.6. Earlier apt versions will fail to parse mirrorlists using this feature)"
 "Metadata about a mirror can be given on the same line, separated from the "
 "URI by a tab.  Multiple items of metadata can themselves be separated by "
 "either tabs or spaces.  (This is an advanced feature only available with apt "
 ">= 1.6. Earlier apt versions will fail to parse mirrorlists using this "
 "feature.)"
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><para>
 #: apt-transport-mirror.1.xml
 msgid ""
 "Since apt 1.6 the usage of compressed mirrorlists is also supported.  Note "
 "Since apt 1.6 the use of compressed mirrorlists is also supported.  Note "
 "that the filename of the mirrorlist must specify the compression algorithm "
 "used, there is no auto-detection based on file content performed."
 "used; there is no auto-detection based on file contents."
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><title>
@@ -7397,14 +7397,14 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><refsect2><para>
 #: apt-transport-mirror.1.xml
 msgid ""
 "As specified in the format a mirror can have additional metadata attached to "
 "prevent a mirror from being selected for acquiring a file not matching this "
 "metadata.  This way the mirrorlist can e.g. contain partial mirrors serving "
 "only certain architectures and apt will automatically choose a different "
 "mirror for files requiring an unlisted architecture. Supported are limits "
 "for the architecture (<literal>arch</literal>), codename of the release "
 "(<literal>codename</literal>), component of the repository the file is in "
 "(<literal>component</literal>), language the file applies to "
 "As specified in the format, a mirror can have additional metadata attached "
 "to prevent a mirror from being selected for acquiring a file not matching "
 "this metadata.  This way the mirrorlist can e.g. contain partial mirrors "
 "serving only certain architectures and APT will automatically choose a "
 "different mirror for files requiring an unlisted architecture. Supported are "
 "limits for the architecture (<literal>arch</literal>), codename of the "
 "release (<literal>codename</literal>), component of the repository the file "
 "is in (<literal>component</literal>), language the file applies to "
 "(<literal>lang</literal>), suite name of the release "
 "(<literal>suite</literal>) and type of the file (<literal>type</literal>)."
 msgstr ""
@@ -7417,13 +7417,13 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><refsect2><para>
 #: apt-transport-mirror.1.xml
 msgid ""
 "If no priority is given via the metadata key <literal>priority</literal> for "
 "a mirror the order in which mirrors are contacted is random. If a certain "
 "set of mirrors should be tried first before any of another set is tried a "
 "priority can be explicitly set. The mirrors with the lowest number are tried "
 "first. Mirrors which have no explicit priority set default to the highest "
 "possible number and are therefore tried last. The choice between mirrors "
 "with the same priority is again random."
 "If no priority is given for a mirror via the metadata key "
 "<literal>priority</literal>, the order in which mirrors are contacted is "
 "random. If a certain set of mirrors should be tried first before any of "
 "another set is tried, a priority can be explicitly set. The mirrors with the "
 "lowest number are tried first. Mirrors which have no explicit priority set "
 "default to the highest possible number and are therefore tried last. The "
 "choice between mirrors with the same priority is again random."
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><title>
@@ -7435,9 +7435,9 @@ msgstr ""
 #: apt-transport-mirror.1.xml
 msgid ""
 "The availability and choice of transports in a mirrorlist is limited by how "
 "the apt client is accessing the mirrorlist. If a local transport like "
 "<literal>file</literal> or <literal>copy</literal> is used the mirrorlist "
 "can also include local sources while a mirrorlist accessed via "
 "the APT client is accessing the mirrorlist. If a local transport like "
 "<literal>file</literal> or <literal>copy</literal> is used, the mirrorlist "
 "can also include local sources, while a mirrorlist accessed via "
 "<literal>http</literal> can not. Additionally, a mirrorlist can not contain "
 "a mirrorlist or other wrapping transports (like "
 "<package>apt-transport-tor</package>).  See the documentation of these "
@@ -7489,10 +7489,10 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><refsect2><para>
 #: apt-transport-mirror.1.xml
 msgid ""
 "All versions of the mirror method support a mirrorlist accessible via http, "
 "All versions of the mirror method support a mirrorlist accessible via HTTP, "
 "so assuming it is available at "
 "<literal>http://apt.example.org/mirror.lst</literal> the sources.list entry "
 "from above could be written instead as:"
 "from above could instead be written as:"
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><literallayout>
@@ -7519,10 +7519,10 @@ msgstr ""
 msgid ""
 "As explained in the format definition apt versions before 1.6 do not support "
 "this and will fail parsing the mirrorlist. The example mirrorlist is "
 "proposefully complicated to show some aspects of the selection. The "
 "following setup is assumed: The first mirror is local mirror accessible via "
 "the file method, but potentially incomplete. The second mirror has a great "
 "connection, but is a partial mirror in sofar as it only contains files "
 "intentionally complicated to show some aspects of the selection. The "
 "following setup is assumed: The first mirror is a local mirror accessible "
 "via the file method, but potentially incomplete. The second mirror has a "
 "great connection, but is a partial mirror insofar as it only contains files "
 "related to the architectures <literal>amd64</literal> and "
 "<literal>all</literal>. The remaining mirrors are average mirrors which "
 "should be contacted only if the earlier ones didn't work."
@@ -7545,12 +7545,12 @@ msgstr ""
 msgid ""
 "In this setup with this mirrorlist the first mirror will be used to download "
 "all index files assuming the mirrorlist itself is accessed via a local "
 "transport like <literal>file</literal>. If it isn't, the mirror is otherwise "
 "inaccessible or does not contain the requested file another mirror will be "
 "used to acquire the file, which one depending on the type of the file: An "
 "index file will be served by the last mirror in the list, while a package of "
 "architecture <literal>amd64</literal> is served by the second and those of "
 "e.g. architecture <literal>i386</literal> by one of the last three."
 "transport like <literal>file</literal>. If it isn't, if the mirror is "
 "otherwise inaccessible or if it does not contain the requested file another "
 "mirror will be used to acquire the file, chosen depending on the type of the "
 "file: An index file will be served by the last mirror in the list, while a "
 "package of architecture <literal>amd64</literal> is served by the second and "
 "those of e.g. architecture <literal>i386</literal> by one of the last three."
 msgstr ""

 #. type: Attribute 'lang' of: <book>
--- a/doc/po/de.po
+++ b/doc/po/de.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: apt-doc 1.3\n"
 "Report-Msgid-Bugs-To: APT Development Team <deity@lists.debian.org>\n"
 "POT-Creation-Date: 2018-01-03 22:34+0000\n"
 "POT-Creation-Date: 2018-01-17 19:04+0100\n"
 "PO-Revision-Date: 2016-11-15 21:51+0200\n"
 "Last-Translator: Chris Leick <c.leick@vollbio.de>\n"
 "Language-Team: German <debian-l10n-german@lists.debian.org>\n"
@@ -9899,20 +9899,20 @@ msgstr ""
 msgid ""
 "HTTP is an unencrypted transport protocol meaning that the whole "
 "communication with the remote server (or proxy) can be observed by a "
 "sufficiently capable attacker referred to commonly as man in the middle "
 "(MITM).  Such an attacker can <emphasis>not</emphasis> modify the "
 "communication to compromise the security of your system through as APTs data "
 "sufficiently capable attacker commonly referred to as a \"man in the middle"
 "\" (MITM).  However, such an attacker can <emphasis>not</emphasis> modify "
 "the communication to compromise the security of your system, as APT's data "
 "security model is independent of the chosen transport method. This is "
 "explained in detail in &apt-secure;. An overview over available transport "
 "explained in detail in &apt-secure;. An overview of available transport "
 "methods is given in &sources-list;."
 msgstr ""

 #. type: Content of: <refentry><refsect1><para>
 #: apt-transport-http.1.xml
 msgid ""
 "Various options are available to modify its behaviour which can be set in an "
 "&apt-conf; file ranging from proxy configuration to workaround for specific "
 "server insufficiencies."
 "Various options can be set in an &apt-conf; file to modify its behavior, "
 "ranging from proxy configuration to workarounds for specific server "
 "limitations."
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><title>
@@ -9926,17 +9926,17 @@ msgstr "Benutzerkonfiguration"
 #: apt-transport-http.1.xml
 msgid ""
 "The environment variable <envar>http_proxy</envar> is supported for system "
 "wide configuration.  Proxies specific to apt can be configured via the "
 "wide configuration.  Proxies specific to APT can be configured via the "
 "option <literal>Acquire::http::Proxy</literal>.  Proxies which should be "
 "used only for certain hosts can be specified via <literal>Acquire::http::"
 "Proxy::<replaceable>host</replaceable></literal>. Even more finegrained "
 "control can be achieved via proxy autodetection detailed further below.  All "
 "these options use the URI format <literal><replaceable>scheme</"
 "control can be achieved via proxy autodetection, detailed further below.  "
 "All these options use the URI format <literal><replaceable>scheme</"
 "replaceable>://[[<replaceable>user</replaceable>][:<replaceable>pass</"
 "replaceable>]@]<replaceable>host</replaceable>[:<replaceable>port</"
 "replaceable>]/</literal>.  Supported URI schemes are <literal>socks5h</"
 "literal> (SOCKS5 with remote DNS resolution), <literal>http</literal> and "
 "<literal>https</literal>.  Authentification details can be supplied via &apt-"
 "<literal>https</literal>.  Authentication details can be supplied via &apt-"
 "authconf; instead of including it in the URI directly."
 msgstr ""

@@ -9945,8 +9945,8 @@ msgstr ""
 msgid ""
 "The various APT configuration options support the special value "
 "<literal>DIRECT</literal> meaning that no proxy should be used. The "
 "environment variable <envar>no_proxy</envar> with the same propose is also "
 "supported."
 "environment variable <envar>no_proxy</envar> is also supported for the same "
 "purpose."
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><para>
@@ -9961,7 +9961,7 @@ msgstr ""
 #| "store the requested archive files in its cache, which can be used to "
 #| "prevent the proxy from polluting its cache with (big) .deb files."
 msgid ""
 "Further more there are three settings provided for cache control with "
 "Furthermore, there are three settings provided for cache control with "
 "HTTP/1.1 compliant proxy caches: <literal>Acquire::http::No-Cache</literal> "
 "tells the proxy not to use its cached response under any circumstances.  "
 "<literal>Acquire::http::Max-Age</literal> sets the allowed maximum age (in "
@@ -10006,8 +10006,8 @@ msgstr "Benutzerkonfiguration"
 #| "<literal>ProxyAutoDetect</literal>."
 msgid ""
 "<literal>Acquire::http::Proxy-Auto-Detect</literal> can be used to specify "
 "an external command to discover the http proxy to use. The first and only "
 "parameter is an URI denoting the host to be contacted to allow for host-"
 "an external command to discover the HTTP proxy to use. The first and only "
 "parameter is a URI denoting the host to be contacted, to allow for host-"
 "specific configuration. APT expects the command to output the proxy on "
 "stdout as a single line in the previously specified URI format or the word "
 "<literal>DIRECT</literal> if no proxy should be used. No output indicates "
@@ -10098,14 +10098,23 @@ msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><para>
 #: apt-transport-http.1.xml
 #, fuzzy
 #| msgid ""
 #| "The setting <literal>Acquire::http::Pipeline-Depth</literal> can be used "
 #| "to enable HTTP pipelining (RFC 2616 section 8.1.2.2) which can be "
 #| "beneficial e.g. on high-latency connections. It specifies how many "
 #| "requests are sent in a pipeline.  APT tries to detect and workaround "
 #| "misbehaving webservers and proxies at runtime, but if you know that yours "
 #| "does not conform to the HTTP/1.1 specification pipelining can be disabled "
 #| "by setting the value to 0. It is enabled by default with the value 10."
 msgid ""
 "The setting <literal>Acquire::http::Pipeline-Depth</literal> can be used to "
 "enable HTTP pipelining (RFC 2616 section 8.1.2.2) which can be beneficial e."
 "g. on high-latency connections. It specifies how many requests are sent in a "
 "pipeline.  APT tries to detect and workaround misbehaving webservers and "
 "pipeline.  APT tries to detect and work around misbehaving webservers and "
 "proxies at runtime, but if you know that yours does not conform to the "
 "HTTP/1.1 specification pipelining can be disabled by setting the value to 0. "
 "It is enabled by default with the value 10."
 "HTTP/1.1 specification, pipelining can be disabled by setting the value to "
 "0. It is enabled by default with the value 10."
 msgstr ""
 "Die Einstellung <literal>Acquire::http::Pipeline-Depth</literal> kann "
 "verwandt werden, um HTTP-Weiterleitung zu aktivieren (RFC 2616 Abschnitt "
@@ -10142,7 +10151,7 @@ msgstr ""
 #: apt-transport-http.1.xml
 msgid ""
 "<literal>Acquire::http::SendAccept</literal> is enabled by default and sends "
 "a <literal>Accept: text/*</literal> header field to the server for requests "
 "an <literal>Accept: text/*</literal> header field to the server for requests "
 "without file extensions to prevent the server from attempting content "
 "negotiation."
 msgstr ""
@@ -10183,18 +10192,18 @@ msgstr ""
 #: apt-transport-https.1.xml
 msgid ""
 "This APT transport allows the use of repositories accessed via the HTTP "
 "Secure protocol (HTTPS) also referred to as HTTP over TLS. It is available "
 "by default since apt 1.5 and was before that available in a <package>apt-"
 "transport-https</package> package. Note that a transport is never called "
 "directly by a user but used by APT tools based on user configuration."
 "Secure protocol (HTTPS), also referred to as HTTP over TLS. It is available "
 "by default since apt 1.5 and was available before that in the package "
 "<package>apt-transport-https</package>. Note that a transport is never "
 "called directly by a user but used by APT tools based on user configuration."
 msgstr ""

 #. type: Content of: <refentry><refsect1><para>
 #: apt-transport-https.1.xml
 msgid ""
 "HTTP is by itself an unencrypted transport protocol (compare &apt-transport-"
 "http;), which, as indicated by the appended S is wrapped in an encrypted "
 "layer known as Transport Layer Security (TLS) which provides end-to-end "
 "http;), which, as indicated by the appended S, is wrapped in an encrypted "
 "layer known as Transport Layer Security (TLS) to provide end-to-end "
 "encryption.  A sufficiently capable attacker can still observe the "
 "communication partners and deeper analyse of the encrypted communcation "
 "might still reveal important details.  An overview over available "
@@ -10204,9 +10213,8 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><para>
 #: apt-transport-https.1.xml
 msgid ""
 "The HTTPS protocol is based on the HTTP protocol and as such this "
 "implementation has the same relation meaning that all options supported by "
 "&apt-transport-http; are also available via <literal>Acquire::https</"
 "The HTTPS protocol is based on the HTTP protocol, so all options supported "
 "by &apt-transport-http; are also available via <literal>Acquire::https</"
 "literal> and will default to the same values specified for <literal>Acquire::"
 "http</literal>. This manpage will only document the options <emphasis>unique "
 "to https</emphasis>."
@@ -10225,13 +10233,13 @@ msgid ""
 "certificate. An alternative certificate authority (CA) can be configured "
 "with the <literal>Acquire::https::CAInfo</literal> option and its host-"
 "specific option <literal>Acquire::https::CAInfo::<replaceable>host</"
 "replaceable></literal>.  The option specifies a file is made of the "
 "concatenation of the CA certificates (in PEM format) creating the chain used "
 "for the verification of the path from the root (self signed one). If the "
 "remote server provides the whole chain during the exchange, the file need "
 "only contain the root certificate. Otherwise, the whole chain is required. "
 "If you need to support multiple authorities, the only way is to concatenate "
 "everything."
 "replaceable></literal>.  The CAInfo option specifies a file made up of CA "
 "certificates (in PEM format)  concatenated together to create the chain "
 "which APT should use to verify the path from your self-signed root "
 "certificate. If the remote server provides the whole chain during the "
 "exchange, the file need only contain the root certificate. Otherwise, the "
 "whole chain is required. If you need to support multiple authorities, the "
 "only way is to concatenate everything."
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><para>
@@ -10239,8 +10247,8 @@ msgstr ""
 msgid ""
 "A custom certificate revocation list (CRL) can be configured with the "
 "options <literal>Acquire::https::CRLFile</literal> and <literal>Acquire::"
 "https::CRLFile::<replaceable>host</replaceable></literal> respectively.  "
 "Like the previous option a file in PEM format needs to be specified."
 "https::CRLFile::<replaceable>host</replaceable></literal>.  As with the "
 "previous option, a file in PEM format needs to be specified."
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><title>
@@ -10251,15 +10259,15 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><refsect2><para>
 #: apt-transport-https.1.xml
 msgid ""
 "When authenticating the server, if the certificate verification fails for "
 "some reason (expired, revoked, man in the middle, …), the connection fails.  "
 "During server authentication, if certificate verification fails for some "
 "reason (expired, revoked, man in the middle, etc.), the connection fails.  "
 "This is obviously what you want in all cases and what the default value "
 "(true)  of the option <literal>Acquire::https::Verify-Peer</literal> and its "
 "host-specific variant provides. If you know <emphasis>exactly</emphasis> "
 "what you are doing, setting this option to \"false\" allows you to skip peer "
 "certificate verification and make the exchange succeed. Again, this option "
 "is for debugging or testing purpose only as it removes all security provided "
 "by the use of HTTPS."
 "what you are doing, setting this option to \"<literal>false</literal>\" "
 "allows you to skip peer certificate verification and make the exchange "
 "succeed. Again, this option is for debugging or testing purposes only as it "
 "removes all security provided by the use of HTTPS."
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><para>
@@ -10272,8 +10280,8 @@ msgid ""
 "2818, the name of the mirror is checked against the identity found in the "
 "certificate. This default behavior is safe and should not be changed, but if "
 "you know that the server you are using has a DNS name which does not match "
 "the identity in its certificate, you can set the option to \"false\", which "
 "will prevent the comparison to be done."
 "the identity in its certificate, you can set the option to \"<literal>false</"
 "literal>\", which will prevent the comparison from being performed."
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><title>
@@ -10284,10 +10292,10 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><refsect2><para>
 #: apt-transport-https.1.xml
 msgid ""
 "Beside the password based authentication available (see &apt-authconf;) "
 "HTTPS supports authentication based on client certificates as well via "
 "Besides supporting password-based authentication (see &apt-authconf;) HTTPS "
 "also supports authentication based on client certificates via "
 "<literal>Acquire::https::SSLCert</literal> and <literal>Acquire::https::"
 "SSLKey</literal>. They respectively should be set to the filename of the "
 "SSLKey</literal>. These should be set respectively to the filename of the "
 "X.509 client certificate and the associated (unencrypted) private key, both "
 "in PEM format.  In practice the use of the host-specific variants of both "
 "options is highly recommended."
@@ -10337,26 +10345,27 @@ msgstr ""
 msgid ""
 "This APT transport isn't implementing a protocol to access local or remote "
 "repositories on its own, but acquires a mirrorlist and redirects all "
 "requests to the mirror(s) picked from this list access via other transports "
 "like &apt-transport-http;. The basic functionality is available since apt "
 "0.7.24, but was undocumented until apt 1.6 which contained a complete rework "
 "of the transport and its supported features. Note that a transport is never "
 "called directly by a user but used by APT tools based on user configuration."
 "requests to the mirror(s) picked from this list, accessing them via other "
 "transports like &apt-transport-http;. The basic functionality has been "
 "available since apt 0.7.24, but was undocumented until apt 1.6 which "
 "contained a complete rework of the transport and its supported features. "
 "Note that a transport is never called directly by a user but used by APT "
 "tools based on user configuration."
 msgstr ""

 #. type: Content of: <refentry><refsect1><para>
 #: apt-transport-mirror.1.xml
 msgid ""
 "If the acquisition of a file via a mirror fails the method ensures that "
 "automatically another possible mirror of the list is tried until either the "
 "file is retrieved or no mirror is left in the list handling transparently "
 "server downtimes and similar problems."
 "If the acquisition of a file via a mirror fails, the method ensures that "
 "another possible mirror from the list is automatically tried until either "
 "the file is retrieved or no mirror is left in the list, transparently "
 "handling server downtimes and similar problems."
 msgstr ""

 #. type: Content of: <refentry><refsect1><para>
 #: apt-transport-mirror.1.xml
 msgid ""
 "The security implications of the transport are based on the security "
 "The security implications of the transport depend on the security "
 "considerations associated with the transport used to acquire the mirrorlist "
 "and the transports involved in accessing the chosen mirror(s) by the "
 "transport."
@@ -10366,7 +10375,7 @@ msgstr ""
 #: apt-transport-mirror.1.xml
 msgid ""
 "This transport has no configuration options at present. The mirror selection "
 "is based entirely on the mirrors offered in the mirrorlist and the files apt "
 "is based entirely on the mirrors offered in the mirrorlist and the files APT "
 "needs to acquire."
 msgstr ""

@@ -10378,11 +10387,11 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><refsect2><para>
 #: apt-transport-mirror.1.xml
 msgid ""
 "A mirrorlist contains at least one line each specifying an URI for a "
 "mirror.  Empty lines and those starting with a hash key (<literal>#</"
 "literal>) are ignored.  An URI always starts with a URI scheme which defines "
 "the transport used for this mirror. If the URI e.g. starts with "
 "<literal>http:</literal> the responsible transport is &apt-transport-http; "
 "A mirrorlist contains one or more lines each specifying a URI for a mirror.  "
 "Empty lines and those starting with a hash character (<literal>#</literal>) "
 "are ignored.  A URI always starts with a URI scheme which defines the "
 "transport used for this mirror. If for example the URI starts with "
 "<literal>http:</literal>, the responsible transport is &apt-transport-http; "
 "which might have specific requirements for the format of the remaining part "
 "of the URI."
 msgstr ""
@@ -10390,18 +10399,19 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><refsect2><para>
 #: apt-transport-mirror.1.xml
 msgid ""
 "An URI can optionally be separated from metadata about the mirror by a tab.  "
 "Multiple datapoints in the provided metadata can itself be separated by "
 "spaces for tabs.  (This is an advanced feature only available with apt >= "
 "1.6. Earlier apt versions will fail to parse mirrorlists using this feature)"
 "Metadata about a mirror can be given on the same line, separated from the "
 "URI by a tab.  Multiple items of metadata can themselves be separated by "
 "either tabs or spaces.  (This is an advanced feature only available with apt "
 ">= 1.6. Earlier apt versions will fail to parse mirrorlists using this "
 "feature.)"
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><para>
 #: apt-transport-mirror.1.xml
 msgid ""
 "Since apt 1.6 the usage of compressed mirrorlists is also supported.  Note "
 "Since apt 1.6 the use of compressed mirrorlists is also supported.  Note "
 "that the filename of the mirrorlist must specify the compression algorithm "
 "used, there is no auto-detection based on file content performed."
 "used; there is no auto-detection based on file contents."
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><title>
@@ -10412,16 +10422,16 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><refsect2><para>
 #: apt-transport-mirror.1.xml
 msgid ""
 "As specified in the format a mirror can have additional metadata attached to "
 "prevent a mirror from being selected for acquiring a file not matching this "
 "metadata.  This way the mirrorlist can e.g. contain partial mirrors serving "
 "only certain architectures and apt will automatically choose a different "
 "mirror for files requiring an unlisted architecture. Supported are limits "
 "for the architecture (<literal>arch</literal>), codename of the release "
 "(<literal>codename</literal>), component of the repository the file is in "
 "(<literal>component</literal>), language the file applies to (<literal>lang</"
 "literal>), suite name of the release (<literal>suite</literal>) and type of "
 "the file (<literal>type</literal>)."
 "As specified in the format, a mirror can have additional metadata attached "
 "to prevent a mirror from being selected for acquiring a file not matching "
 "this metadata.  This way the mirrorlist can e.g. contain partial mirrors "
 "serving only certain architectures and APT will automatically choose a "
 "different mirror for files requiring an unlisted architecture. Supported are "
 "limits for the architecture (<literal>arch</literal>), codename of the "
 "release (<literal>codename</literal>), component of the repository the file "
 "is in (<literal>component</literal>), language the file applies to "
 "(<literal>lang</literal>), suite name of the release (<literal>suite</"
 "literal>) and type of the file (<literal>type</literal>)."
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><title>
@@ -10432,9 +10442,9 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><refsect2><para>
 #: apt-transport-mirror.1.xml
 msgid ""
 "If no priority is given via the metadata key <literal>priority</literal> for "
 "a mirror the order in which mirrors are contacted is random. If a certain "
 "set of mirrors should be tried first before any of another set is tried a "
 "If no priority is given for a mirror via the metadata key <literal>priority</"
 "literal>, the order in which mirrors are contacted is random. If a certain "
 "set of mirrors should be tried first before any of another set is tried, a "
 "priority can be explicitly set. The mirrors with the lowest number are tried "
 "first. Mirrors which have no explicit priority set default to the highest "
 "possible number and are therefore tried last. The choice between mirrors "
@@ -10450,9 +10460,9 @@ msgstr ""
 #: apt-transport-mirror.1.xml
 msgid ""
 "The availability and choice of transports in a mirrorlist is limited by how "
 "the apt client is accessing the mirrorlist. If a local transport like "
 "<literal>file</literal> or <literal>copy</literal> is used the mirrorlist "
 "can also include local sources while a mirrorlist accessed via "
 "the APT client is accessing the mirrorlist. If a local transport like "
 "<literal>file</literal> or <literal>copy</literal> is used, the mirrorlist "
 "can also include local sources, while a mirrorlist accessed via "
 "<literal>http</literal> can not. Additionally, a mirrorlist can not contain "
 "a mirrorlist or other wrapping transports (like <package>apt-transport-tor</"
 "package>).  See the documentation of these transports on how to use them "
@@ -10504,9 +10514,9 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><refsect2><para>
 #: apt-transport-mirror.1.xml
 msgid ""
 "All versions of the mirror method support a mirrorlist accessible via http, "
 "All versions of the mirror method support a mirrorlist accessible via HTTP, "
 "so assuming it is available at <literal>http://apt.example.org/mirror.lst</"
 "literal> the sources.list entry from above could be written instead as:"
 "literal> the sources.list entry from above could instead be written as:"
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><literallayout>
@@ -10534,10 +10544,10 @@ msgstr ""
 msgid ""
 "As explained in the format definition apt versions before 1.6 do not support "
 "this and will fail parsing the mirrorlist. The example mirrorlist is "
 "proposefully complicated to show some aspects of the selection. The "
 "following setup is assumed: The first mirror is local mirror accessible via "
 "the file method, but potentially incomplete. The second mirror has a great "
 "connection, but is a partial mirror in sofar as it only contains files "
 "intentionally complicated to show some aspects of the selection. The "
 "following setup is assumed: The first mirror is a local mirror accessible "
 "via the file method, but potentially incomplete. The second mirror has a "
 "great connection, but is a partial mirror insofar as it only contains files "
 "related to the architectures <literal>amd64</literal> and <literal>all</"
 "literal>. The remaining mirrors are average mirrors which should be "
 "contacted only if the earlier ones didn't work."
@@ -10559,12 +10569,12 @@ msgstr ""
 msgid ""
 "In this setup with this mirrorlist the first mirror will be used to download "
 "all index files assuming the mirrorlist itself is accessed via a local "
 "transport like <literal>file</literal>. If it isn't, the mirror is otherwise "
 "inaccessible or does not contain the requested file another mirror will be "
 "used to acquire the file, which one depending on the type of the file: An "
 "index file will be served by the last mirror in the list, while a package of "
 "architecture <literal>amd64</literal> is served by the second and those of e."
 "g. architecture <literal>i386</literal> by one of the last three."
 "transport like <literal>file</literal>. If it isn't, if the mirror is "
 "otherwise inaccessible or if it does not contain the requested file another "
 "mirror will be used to acquire the file, chosen depending on the type of the "
 "file: An index file will be served by the last mirror in the list, while a "
 "package of architecture <literal>amd64</literal> is served by the second and "
 "those of e.g. architecture <literal>i386</literal> by one of the last three."
 msgstr ""

 #. type: Attribute 'lang' of: <book>
--- a/doc/po/es.po
+++ b/doc/po/es.po
@@ -38,7 +38,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: apt-doc 1.0.5\n"
 "Report-Msgid-Bugs-To: APT Development Team <deity@lists.debian.org>\n"
 "POT-Creation-Date: 2018-01-03 22:34+0000\n"
 "POT-Creation-Date: 2018-01-17 19:04+0100\n"
 "PO-Revision-Date: 2014-07-04 01:31+0200\n"
 "Last-Translator: Omar Campagne <ocampagne@gmail.com>\n"
 "Language-Team: Debian l10n Spanish <debian-l10n-spanish@lists.debian.org>\n"
@@ -9741,20 +9741,20 @@ msgstr ""
 msgid ""
 "HTTP is an unencrypted transport protocol meaning that the whole "
 "communication with the remote server (or proxy) can be observed by a "
 "sufficiently capable attacker referred to commonly as man in the middle "
 "(MITM).  Such an attacker can <emphasis>not</emphasis> modify the "
 "communication to compromise the security of your system through as APTs data "
 "sufficiently capable attacker commonly referred to as a \"man in the middle"
 "\" (MITM).  However, such an attacker can <emphasis>not</emphasis> modify "
 "the communication to compromise the security of your system, as APT's data "
 "security model is independent of the chosen transport method. This is "
 "explained in detail in &apt-secure;. An overview over available transport "
 "explained in detail in &apt-secure;. An overview of available transport "
 "methods is given in &sources-list;."
 msgstr ""

 #. type: Content of: <refentry><refsect1><para>
 #: apt-transport-http.1.xml
 msgid ""
 "Various options are available to modify its behaviour which can be set in an "
 "&apt-conf; file ranging from proxy configuration to workaround for specific "
 "server insufficiencies."
 "Various options can be set in an &apt-conf; file to modify its behavior, "
 "ranging from proxy configuration to workarounds for specific server "
 "limitations."
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><title>
@@ -9768,17 +9768,17 @@ msgstr "Configuración de usuario"
 #: apt-transport-http.1.xml
 msgid ""
 "The environment variable <envar>http_proxy</envar> is supported for system "
 "wide configuration.  Proxies specific to apt can be configured via the "
 "wide configuration.  Proxies specific to APT can be configured via the "
 "option <literal>Acquire::http::Proxy</literal>.  Proxies which should be "
 "used only for certain hosts can be specified via <literal>Acquire::http::"
 "Proxy::<replaceable>host</replaceable></literal>. Even more finegrained "
 "control can be achieved via proxy autodetection detailed further below.  All "
 "these options use the URI format <literal><replaceable>scheme</"
 "control can be achieved via proxy autodetection, detailed further below.  "
 "All these options use the URI format <literal><replaceable>scheme</"
 "replaceable>://[[<replaceable>user</replaceable>][:<replaceable>pass</"
 "replaceable>]@]<replaceable>host</replaceable>[:<replaceable>port</"
 "replaceable>]/</literal>.  Supported URI schemes are <literal>socks5h</"
 "literal> (SOCKS5 with remote DNS resolution), <literal>http</literal> and "
 "<literal>https</literal>.  Authentification details can be supplied via &apt-"
 "<literal>https</literal>.  Authentication details can be supplied via &apt-"
 "authconf; instead of including it in the URI directly."
 msgstr ""

@@ -9787,8 +9787,8 @@ msgstr ""
 msgid ""
 "The various APT configuration options support the special value "
 "<literal>DIRECT</literal> meaning that no proxy should be used. The "
 "environment variable <envar>no_proxy</envar> with the same propose is also "
 "supported."
 "environment variable <envar>no_proxy</envar> is also supported for the same "
 "purpose."
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><para>
@@ -9803,7 +9803,7 @@ msgstr ""
 #| "store the requested archive files in its cache, which can be used to "
 #| "prevent the proxy from polluting its cache with (big) .deb files."
 msgid ""
 "Further more there are three settings provided for cache control with "
 "Furthermore, there are three settings provided for cache control with "
 "HTTP/1.1 compliant proxy caches: <literal>Acquire::http::No-Cache</literal> "
 "tells the proxy not to use its cached response under any circumstances.  "
 "<literal>Acquire::http::Max-Age</literal> sets the allowed maximum age (in "
@@ -9831,8 +9831,8 @@ msgstr "Configuración de usuario"
 #: apt-transport-http.1.xml
 msgid ""
 "<literal>Acquire::http::Proxy-Auto-Detect</literal> can be used to specify "
 "an external command to discover the http proxy to use. The first and only "
 "parameter is an URI denoting the host to be contacted to allow for host-"
 "an external command to discover the HTTP proxy to use. The first and only "
 "parameter is a URI denoting the host to be contacted, to allow for host-"
 "specific configuration. APT expects the command to output the proxy on "
 "stdout as a single line in the previously specified URI format or the word "
 "<literal>DIRECT</literal> if no proxy should be used. No output indicates "
@@ -9920,10 +9920,10 @@ msgid ""
 "The setting <literal>Acquire::http::Pipeline-Depth</literal> can be used to "
 "enable HTTP pipelining (RFC 2616 section 8.1.2.2) which can be beneficial e."
 "g. on high-latency connections. It specifies how many requests are sent in a "
 "pipeline.  APT tries to detect and workaround misbehaving webservers and "
 "pipeline.  APT tries to detect and work around misbehaving webservers and "
 "proxies at runtime, but if you know that yours does not conform to the "
 "HTTP/1.1 specification pipelining can be disabled by setting the value to 0. "
 "It is enabled by default with the value 10."
 "HTTP/1.1 specification, pipelining can be disabled by setting the value to "
 "0. It is enabled by default with the value 10."
 msgstr ""
 "La opción <literal>Acquire::http::Pipeline-Depth</literal> se puede utilizar "
 "para activar HTTP pipelining (RFC 2616 sección 8.1.2.2), que puede "
@@ -9958,7 +9958,7 @@ msgstr ""
 #: apt-transport-http.1.xml
 msgid ""
 "<literal>Acquire::http::SendAccept</literal> is enabled by default and sends "
 "a <literal>Accept: text/*</literal> header field to the server for requests "
 "an <literal>Accept: text/*</literal> header field to the server for requests "
 "without file extensions to prevent the server from attempting content "
 "negotiation."
 msgstr ""
@@ -9999,18 +9999,18 @@ msgstr ""
 #: apt-transport-https.1.xml
 msgid ""
 "This APT transport allows the use of repositories accessed via the HTTP "
 "Secure protocol (HTTPS) also referred to as HTTP over TLS. It is available "
 "by default since apt 1.5 and was before that available in a <package>apt-"
 "transport-https</package> package. Note that a transport is never called "
 "directly by a user but used by APT tools based on user configuration."
 "Secure protocol (HTTPS), also referred to as HTTP over TLS. It is available "
 "by default since apt 1.5 and was available before that in the package "
 "<package>apt-transport-https</package>. Note that a transport is never "
 "called directly by a user but used by APT tools based on user configuration."
 msgstr ""

 #. type: Content of: <refentry><refsect1><para>
 #: apt-transport-https.1.xml
 msgid ""
 "HTTP is by itself an unencrypted transport protocol (compare &apt-transport-"
 "http;), which, as indicated by the appended S is wrapped in an encrypted "
 "layer known as Transport Layer Security (TLS) which provides end-to-end "
 "http;), which, as indicated by the appended S, is wrapped in an encrypted "
 "layer known as Transport Layer Security (TLS) to provide end-to-end "
 "encryption.  A sufficiently capable attacker can still observe the "
 "communication partners and deeper analyse of the encrypted communcation "
 "might still reveal important details.  An overview over available "
@@ -10020,9 +10020,8 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><para>
 #: apt-transport-https.1.xml
 msgid ""
 "The HTTPS protocol is based on the HTTP protocol and as such this "
 "implementation has the same relation meaning that all options supported by "
 "&apt-transport-http; are also available via <literal>Acquire::https</"
 "The HTTPS protocol is based on the HTTP protocol, so all options supported "
 "by &apt-transport-http; are also available via <literal>Acquire::https</"
 "literal> and will default to the same values specified for <literal>Acquire::"
 "http</literal>. This manpage will only document the options <emphasis>unique "
 "to https</emphasis>."
@@ -10041,13 +10040,13 @@ msgid ""
 "certificate. An alternative certificate authority (CA) can be configured "
 "with the <literal>Acquire::https::CAInfo</literal> option and its host-"
 "specific option <literal>Acquire::https::CAInfo::<replaceable>host</"
 "replaceable></literal>.  The option specifies a file is made of the "
 "concatenation of the CA certificates (in PEM format) creating the chain used "
 "for the verification of the path from the root (self signed one). If the "
 "remote server provides the whole chain during the exchange, the file need "
 "only contain the root certificate. Otherwise, the whole chain is required. "
 "If you need to support multiple authorities, the only way is to concatenate "
 "everything."
 "replaceable></literal>.  The CAInfo option specifies a file made up of CA "
 "certificates (in PEM format)  concatenated together to create the chain "
 "which APT should use to verify the path from your self-signed root "
 "certificate. If the remote server provides the whole chain during the "
 "exchange, the file need only contain the root certificate. Otherwise, the "
 "whole chain is required. If you need to support multiple authorities, the "
 "only way is to concatenate everything."
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><para>
@@ -10055,8 +10054,8 @@ msgstr ""
 msgid ""
 "A custom certificate revocation list (CRL) can be configured with the "
 "options <literal>Acquire::https::CRLFile</literal> and <literal>Acquire::"
 "https::CRLFile::<replaceable>host</replaceable></literal> respectively.  "
 "Like the previous option a file in PEM format needs to be specified."
 "https::CRLFile::<replaceable>host</replaceable></literal>.  As with the "
 "previous option, a file in PEM format needs to be specified."
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><title>
@@ -10067,15 +10066,15 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><refsect2><para>
 #: apt-transport-https.1.xml
 msgid ""
 "When authenticating the server, if the certificate verification fails for "
 "some reason (expired, revoked, man in the middle, …), the connection fails.  "
 "During server authentication, if certificate verification fails for some "
 "reason (expired, revoked, man in the middle, etc.), the connection fails.  "
 "This is obviously what you want in all cases and what the default value "
 "(true)  of the option <literal>Acquire::https::Verify-Peer</literal> and its "
 "host-specific variant provides. If you know <emphasis>exactly</emphasis> "
 "what you are doing, setting this option to \"false\" allows you to skip peer "
 "certificate verification and make the exchange succeed. Again, this option "
 "is for debugging or testing purpose only as it removes all security provided "
 "by the use of HTTPS."
 "what you are doing, setting this option to \"<literal>false</literal>\" "
 "allows you to skip peer certificate verification and make the exchange "
 "succeed. Again, this option is for debugging or testing purposes only as it "
 "removes all security provided by the use of HTTPS."
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><para>
@@ -10088,8 +10087,8 @@ msgid ""
 "2818, the name of the mirror is checked against the identity found in the "
 "certificate. This default behavior is safe and should not be changed, but if "
 "you know that the server you are using has a DNS name which does not match "
 "the identity in its certificate, you can set the option to \"false\", which "
 "will prevent the comparison to be done."
 "the identity in its certificate, you can set the option to \"<literal>false</"
 "literal>\", which will prevent the comparison from being performed."
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><title>
@@ -10100,10 +10099,10 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><refsect2><para>
 #: apt-transport-https.1.xml
 msgid ""
 "Beside the password based authentication available (see &apt-authconf;) "
 "HTTPS supports authentication based on client certificates as well via "
 "Besides supporting password-based authentication (see &apt-authconf;) HTTPS "
 "also supports authentication based on client certificates via "
 "<literal>Acquire::https::SSLCert</literal> and <literal>Acquire::https::"
 "SSLKey</literal>. They respectively should be set to the filename of the "
 "SSLKey</literal>. These should be set respectively to the filename of the "
 "X.509 client certificate and the associated (unencrypted) private key, both "
 "in PEM format.  In practice the use of the host-specific variants of both "
 "options is highly recommended."
@@ -10153,26 +10152,27 @@ msgstr ""
 msgid ""
 "This APT transport isn't implementing a protocol to access local or remote "
 "repositories on its own, but acquires a mirrorlist and redirects all "
 "requests to the mirror(s) picked from this list access via other transports "
 "like &apt-transport-http;. The basic functionality is available since apt "
 "0.7.24, but was undocumented until apt 1.6 which contained a complete rework "
 "of the transport and its supported features. Note that a transport is never "
 "called directly by a user but used by APT tools based on user configuration."
 "requests to the mirror(s) picked from this list, accessing them via other "
 "transports like &apt-transport-http;. The basic functionality has been "
 "available since apt 0.7.24, but was undocumented until apt 1.6 which "
 "contained a complete rework of the transport and its supported features. "
 "Note that a transport is never called directly by a user but used by APT "
 "tools based on user configuration."
 msgstr ""

 #. type: Content of: <refentry><refsect1><para>
 #: apt-transport-mirror.1.xml
 msgid ""
 "If the acquisition of a file via a mirror fails the method ensures that "
 "automatically another possible mirror of the list is tried until either the "
 "file is retrieved or no mirror is left in the list handling transparently "
 "server downtimes and similar problems."
 "If the acquisition of a file via a mirror fails, the method ensures that "
 "another possible mirror from the list is automatically tried until either "
 "the file is retrieved or no mirror is left in the list, transparently "
 "handling server downtimes and similar problems."
 msgstr ""

 #. type: Content of: <refentry><refsect1><para>
 #: apt-transport-mirror.1.xml
 msgid ""
 "The security implications of the transport are based on the security "
 "The security implications of the transport depend on the security "
 "considerations associated with the transport used to acquire the mirrorlist "
 "and the transports involved in accessing the chosen mirror(s) by the "
 "transport."
@@ -10182,7 +10182,7 @@ msgstr ""
 #: apt-transport-mirror.1.xml
 msgid ""
 "This transport has no configuration options at present. The mirror selection "
 "is based entirely on the mirrors offered in the mirrorlist and the files apt "
 "is based entirely on the mirrors offered in the mirrorlist and the files APT "
 "needs to acquire."
 msgstr ""

@@ -10194,11 +10194,11 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><refsect2><para>
 #: apt-transport-mirror.1.xml
 msgid ""
 "A mirrorlist contains at least one line each specifying an URI for a "
 "mirror.  Empty lines and those starting with a hash key (<literal>#</"
 "literal>) are ignored.  An URI always starts with a URI scheme which defines "
 "the transport used for this mirror. If the URI e.g. starts with "
 "<literal>http:</literal> the responsible transport is &apt-transport-http; "
 "A mirrorlist contains one or more lines each specifying a URI for a mirror.  "
 "Empty lines and those starting with a hash character (<literal>#</literal>) "
 "are ignored.  A URI always starts with a URI scheme which defines the "
 "transport used for this mirror. If for example the URI starts with "
 "<literal>http:</literal>, the responsible transport is &apt-transport-http; "
 "which might have specific requirements for the format of the remaining part "
 "of the URI."
 msgstr ""
@@ -10206,18 +10206,19 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><refsect2><para>
 #: apt-transport-mirror.1.xml
 msgid ""
 "An URI can optionally be separated from metadata about the mirror by a tab.  "
 "Multiple datapoints in the provided metadata can itself be separated by "
 "spaces for tabs.  (This is an advanced feature only available with apt >= "
 "1.6. Earlier apt versions will fail to parse mirrorlists using this feature)"
 "Metadata about a mirror can be given on the same line, separated from the "
 "URI by a tab.  Multiple items of metadata can themselves be separated by "
 "either tabs or spaces.  (This is an advanced feature only available with apt "
 ">= 1.6. Earlier apt versions will fail to parse mirrorlists using this "
 "feature.)"
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><para>
 #: apt-transport-mirror.1.xml
 msgid ""
 "Since apt 1.6 the usage of compressed mirrorlists is also supported.  Note "
 "Since apt 1.6 the use of compressed mirrorlists is also supported.  Note "
 "that the filename of the mirrorlist must specify the compression algorithm "
 "used, there is no auto-detection based on file content performed."
 "used; there is no auto-detection based on file contents."
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><title>
@@ -10228,16 +10229,16 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><refsect2><para>
 #: apt-transport-mirror.1.xml
 msgid ""
 "As specified in the format a mirror can have additional metadata attached to "
 "prevent a mirror from being selected for acquiring a file not matching this "
 "metadata.  This way the mirrorlist can e.g. contain partial mirrors serving "
 "only certain architectures and apt will automatically choose a different "
 "mirror for files requiring an unlisted architecture. Supported are limits "
 "for the architecture (<literal>arch</literal>), codename of the release "
 "(<literal>codename</literal>), component of the repository the file is in "
 "(<literal>component</literal>), language the file applies to (<literal>lang</"
 "literal>), suite name of the release (<literal>suite</literal>) and type of "
 "the file (<literal>type</literal>)."
 "As specified in the format, a mirror can have additional metadata attached "
 "to prevent a mirror from being selected for acquiring a file not matching "
 "this metadata.  This way the mirrorlist can e.g. contain partial mirrors "
 "serving only certain architectures and APT will automatically choose a "
 "different mirror for files requiring an unlisted architecture. Supported are "
 "limits for the architecture (<literal>arch</literal>), codename of the "
 "release (<literal>codename</literal>), component of the repository the file "
 "is in (<literal>component</literal>), language the file applies to "
 "(<literal>lang</literal>), suite name of the release (<literal>suite</"
 "literal>) and type of the file (<literal>type</literal>)."
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><title>
@@ -10248,9 +10249,9 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><refsect2><para>
 #: apt-transport-mirror.1.xml
 msgid ""
 "If no priority is given via the metadata key <literal>priority</literal> for "
 "a mirror the order in which mirrors are contacted is random. If a certain "
 "set of mirrors should be tried first before any of another set is tried a "
 "If no priority is given for a mirror via the metadata key <literal>priority</"
 "literal>, the order in which mirrors are contacted is random. If a certain "
 "set of mirrors should be tried first before any of another set is tried, a "
 "priority can be explicitly set. The mirrors with the lowest number are tried "
 "first. Mirrors which have no explicit priority set default to the highest "
 "possible number and are therefore tried last. The choice between mirrors "
@@ -10266,9 +10267,9 @@ msgstr ""
 #: apt-transport-mirror.1.xml
 msgid ""
 "The availability and choice of transports in a mirrorlist is limited by how "
 "the apt client is accessing the mirrorlist. If a local transport like "
 "<literal>file</literal> or <literal>copy</literal> is used the mirrorlist "
 "can also include local sources while a mirrorlist accessed via "
 "the APT client is accessing the mirrorlist. If a local transport like "
 "<literal>file</literal> or <literal>copy</literal> is used, the mirrorlist "
 "can also include local sources, while a mirrorlist accessed via "
 "<literal>http</literal> can not. Additionally, a mirrorlist can not contain "
 "a mirrorlist or other wrapping transports (like <package>apt-transport-tor</"
 "package>).  See the documentation of these transports on how to use them "
@@ -10320,9 +10321,9 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><refsect2><para>
 #: apt-transport-mirror.1.xml
 msgid ""
 "All versions of the mirror method support a mirrorlist accessible via http, "
 "All versions of the mirror method support a mirrorlist accessible via HTTP, "
 "so assuming it is available at <literal>http://apt.example.org/mirror.lst</"
 "literal> the sources.list entry from above could be written instead as:"
 "literal> the sources.list entry from above could instead be written as:"
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><literallayout>
@@ -10350,10 +10351,10 @@ msgstr ""
 msgid ""
 "As explained in the format definition apt versions before 1.6 do not support "
 "this and will fail parsing the mirrorlist. The example mirrorlist is "
 "proposefully complicated to show some aspects of the selection. The "
 "following setup is assumed: The first mirror is local mirror accessible via "
 "the file method, but potentially incomplete. The second mirror has a great "
 "connection, but is a partial mirror in sofar as it only contains files "
 "intentionally complicated to show some aspects of the selection. The "
 "following setup is assumed: The first mirror is a local mirror accessible "
 "via the file method, but potentially incomplete. The second mirror has a "
 "great connection, but is a partial mirror insofar as it only contains files "
 "related to the architectures <literal>amd64</literal> and <literal>all</"
 "literal>. The remaining mirrors are average mirrors which should be "
 "contacted only if the earlier ones didn't work."
@@ -10375,12 +10376,12 @@ msgstr ""
 msgid ""
 "In this setup with this mirrorlist the first mirror will be used to download "
 "all index files assuming the mirrorlist itself is accessed via a local "
 "transport like <literal>file</literal>. If it isn't, the mirror is otherwise "
 "inaccessible or does not contain the requested file another mirror will be "
 "used to acquire the file, which one depending on the type of the file: An "
 "index file will be served by the last mirror in the list, while a package of "
 "architecture <literal>amd64</literal> is served by the second and those of e."
 "g. architecture <literal>i386</literal> by one of the last three."
 "transport like <literal>file</literal>. If it isn't, if the mirror is "
 "otherwise inaccessible or if it does not contain the requested file another "
 "mirror will be used to acquire the file, chosen depending on the type of the "
 "file: An index file will be served by the last mirror in the list, while a "
 "package of architecture <literal>amd64</literal> is served by the second and "
 "those of e.g. architecture <literal>i386</literal> by one of the last three."
 msgstr ""

 #. type: Attribute 'lang' of: <book>
--- a/doc/po/fr.po
+++ b/doc/po/fr.po
@@ -12,7 +12,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: apt-doc 1.0.5\n"
 "Report-Msgid-Bugs-To: APT Development Team <deity@lists.debian.org>\n"
 "POT-Creation-Date: 2018-01-03 22:34+0000\n"
 "POT-Creation-Date: 2018-01-17 19:04+0100\n"
 "PO-Revision-Date: 2017-01-24 22:43+0100\n"
 "Last-Translator: Jean-Pierre Giraud <jean-pierregiraud@neuf.fr>\n"
 "Language-Team: French <debian-l10n-french@lists.debian.org>\n"
@@ -9877,20 +9877,20 @@ msgstr ""
 msgid ""
 "HTTP is an unencrypted transport protocol meaning that the whole "
 "communication with the remote server (or proxy) can be observed by a "
 "sufficiently capable attacker referred to commonly as man in the middle "
 "(MITM).  Such an attacker can <emphasis>not</emphasis> modify the "
 "communication to compromise the security of your system through as APTs data "
 "sufficiently capable attacker commonly referred to as a \"man in the middle"
 "\" (MITM).  However, such an attacker can <emphasis>not</emphasis> modify "
 "the communication to compromise the security of your system, as APT's data "
 "security model is independent of the chosen transport method. This is "
 "explained in detail in &apt-secure;. An overview over available transport "
 "explained in detail in &apt-secure;. An overview of available transport "
 "methods is given in &sources-list;."
 msgstr ""

 #. type: Content of: <refentry><refsect1><para>
 #: apt-transport-http.1.xml
 msgid ""
 "Various options are available to modify its behaviour which can be set in an "
 "&apt-conf; file ranging from proxy configuration to workaround for specific "
 "server insufficiencies."
 "Various options can be set in an &apt-conf; file to modify its behavior, "
 "ranging from proxy configuration to workarounds for specific server "
 "limitations."
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><title>
@@ -9904,17 +9904,17 @@ msgstr "Configuration utilisateur"
 #: apt-transport-http.1.xml
 msgid ""
 "The environment variable <envar>http_proxy</envar> is supported for system "
 "wide configuration.  Proxies specific to apt can be configured via the "
 "wide configuration.  Proxies specific to APT can be configured via the "
 "option <literal>Acquire::http::Proxy</literal>.  Proxies which should be "
 "used only for certain hosts can be specified via <literal>Acquire::http::"
 "Proxy::<replaceable>host</replaceable></literal>. Even more finegrained "
 "control can be achieved via proxy autodetection detailed further below.  All "
 "these options use the URI format <literal><replaceable>scheme</"
 "control can be achieved via proxy autodetection, detailed further below.  "
 "All these options use the URI format <literal><replaceable>scheme</"
 "replaceable>://[[<replaceable>user</replaceable>][:<replaceable>pass</"
 "replaceable>]@]<replaceable>host</replaceable>[:<replaceable>port</"
 "replaceable>]/</literal>.  Supported URI schemes are <literal>socks5h</"
 "literal> (SOCKS5 with remote DNS resolution), <literal>http</literal> and "
 "<literal>https</literal>.  Authentification details can be supplied via &apt-"
 "<literal>https</literal>.  Authentication details can be supplied via &apt-"
 "authconf; instead of including it in the URI directly."
 msgstr ""

@@ -9923,8 +9923,8 @@ msgstr ""
 msgid ""
 "The various APT configuration options support the special value "
 "<literal>DIRECT</literal> meaning that no proxy should be used. The "
 "environment variable <envar>no_proxy</envar> with the same propose is also "
 "supported."
 "environment variable <envar>no_proxy</envar> is also supported for the same "
 "purpose."
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><para>
@@ -9939,7 +9939,7 @@ msgstr ""
 #| "store the requested archive files in its cache, which can be used to "
 #| "prevent the proxy from polluting its cache with (big) .deb files."
 msgid ""
 "Further more there are three settings provided for cache control with "
 "Furthermore, there are three settings provided for cache control with "
 "HTTP/1.1 compliant proxy caches: <literal>Acquire::http::No-Cache</literal> "
 "tells the proxy not to use its cached response under any circumstances.  "
 "<literal>Acquire::http::Max-Age</literal> sets the allowed maximum age (in "
@@ -9983,8 +9983,8 @@ msgstr "Configuration utilisateur"
 #| "<literal>ProxyAutoDetect</literal>."
 msgid ""
 "<literal>Acquire::http::Proxy-Auto-Detect</literal> can be used to specify "
 "an external command to discover the http proxy to use. The first and only "
 "parameter is an URI denoting the host to be contacted to allow for host-"
 "an external command to discover the HTTP proxy to use. The first and only "
 "parameter is a URI denoting the host to be contacted, to allow for host-"
 "specific configuration. APT expects the command to output the proxy on "
 "stdout as a single line in the previously specified URI format or the word "
 "<literal>DIRECT</literal> if no proxy should be used. No output indicates "
@@ -10073,14 +10073,23 @@ msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><para>
 #: apt-transport-http.1.xml
 #, fuzzy
 #| msgid ""
 #| "The setting <literal>Acquire::http::Pipeline-Depth</literal> can be used "
 #| "to enable HTTP pipelining (RFC 2616 section 8.1.2.2) which can be "
 #| "beneficial e.g. on high-latency connections. It specifies how many "
 #| "requests are sent in a pipeline.  APT tries to detect and workaround "
 #| "misbehaving webservers and proxies at runtime, but if you know that yours "
 #| "does not conform to the HTTP/1.1 specification pipelining can be disabled "
 #| "by setting the value to 0. It is enabled by default with the value 10."
 msgid ""
 "The setting <literal>Acquire::http::Pipeline-Depth</literal> can be used to "
 "enable HTTP pipelining (RFC 2616 section 8.1.2.2) which can be beneficial e."
 "g. on high-latency connections. It specifies how many requests are sent in a "
 "pipeline.  APT tries to detect and workaround misbehaving webservers and "
 "pipeline.  APT tries to detect and work around misbehaving webservers and "
 "proxies at runtime, but if you know that yours does not conform to the "
 "HTTP/1.1 specification pipelining can be disabled by setting the value to 0. "
 "It is enabled by default with the value 10."
 "HTTP/1.1 specification, pipelining can be disabled by setting the value to "
 "0. It is enabled by default with the value 10."
 msgstr ""
 "Le réglage <literal>Acquire::http::Pipeline-Depth</literal> permet "
 "d'utiliser l'enchaînement HTTP (« HTTP pipelining », RFC 2616 section "
@@ -10116,7 +10125,7 @@ msgstr ""
 #: apt-transport-http.1.xml
 msgid ""
 "<literal>Acquire::http::SendAccept</literal> is enabled by default and sends "
 "a <literal>Accept: text/*</literal> header field to the server for requests "
 "an <literal>Accept: text/*</literal> header field to the server for requests "
 "without file extensions to prevent the server from attempting content "
 "negotiation."
 msgstr ""
@@ -10157,18 +10166,18 @@ msgstr ""
 #: apt-transport-https.1.xml
 msgid ""
 "This APT transport allows the use of repositories accessed via the HTTP "
 "Secure protocol (HTTPS) also referred to as HTTP over TLS. It is available "
 "by default since apt 1.5 and was before that available in a <package>apt-"
 "transport-https</package> package. Note that a transport is never called "
 "directly by a user but used by APT tools based on user configuration."
 "Secure protocol (HTTPS), also referred to as HTTP over TLS. It is available "
 "by default since apt 1.5 and was available before that in the package "
 "<package>apt-transport-https</package>. Note that a transport is never "
 "called directly by a user but used by APT tools based on user configuration."
 msgstr ""

 #. type: Content of: <refentry><refsect1><para>
 #: apt-transport-https.1.xml
 msgid ""
 "HTTP is by itself an unencrypted transport protocol (compare &apt-transport-"
 "http;), which, as indicated by the appended S is wrapped in an encrypted "
 "layer known as Transport Layer Security (TLS) which provides end-to-end "
 "http;), which, as indicated by the appended S, is wrapped in an encrypted "
 "layer known as Transport Layer Security (TLS) to provide end-to-end "
 "encryption.  A sufficiently capable attacker can still observe the "
 "communication partners and deeper analyse of the encrypted communcation "
 "might still reveal important details.  An overview over available "
@@ -10178,9 +10187,8 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><para>
 #: apt-transport-https.1.xml
 msgid ""
 "The HTTPS protocol is based on the HTTP protocol and as such this "
 "implementation has the same relation meaning that all options supported by "
 "&apt-transport-http; are also available via <literal>Acquire::https</"
 "The HTTPS protocol is based on the HTTP protocol, so all options supported "
 "by &apt-transport-http; are also available via <literal>Acquire::https</"
 "literal> and will default to the same values specified for <literal>Acquire::"
 "http</literal>. This manpage will only document the options <emphasis>unique "
 "to https</emphasis>."
@@ -10199,13 +10207,13 @@ msgid ""
 "certificate. An alternative certificate authority (CA) can be configured "
 "with the <literal>Acquire::https::CAInfo</literal> option and its host-"
 "specific option <literal>Acquire::https::CAInfo::<replaceable>host</"
 "replaceable></literal>.  The option specifies a file is made of the "
 "concatenation of the CA certificates (in PEM format) creating the chain used "
 "for the verification of the path from the root (self signed one). If the "
 "remote server provides the whole chain during the exchange, the file need "
 "only contain the root certificate. Otherwise, the whole chain is required. "
 "If you need to support multiple authorities, the only way is to concatenate "
 "everything."
 "replaceable></literal>.  The CAInfo option specifies a file made up of CA "
 "certificates (in PEM format)  concatenated together to create the chain "
 "which APT should use to verify the path from your self-signed root "
 "certificate. If the remote server provides the whole chain during the "
 "exchange, the file need only contain the root certificate. Otherwise, the "
 "whole chain is required. If you need to support multiple authorities, the "
 "only way is to concatenate everything."
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><para>
@@ -10213,8 +10221,8 @@ msgstr ""
 msgid ""
 "A custom certificate revocation list (CRL) can be configured with the "
 "options <literal>Acquire::https::CRLFile</literal> and <literal>Acquire::"
 "https::CRLFile::<replaceable>host</replaceable></literal> respectively.  "
 "Like the previous option a file in PEM format needs to be specified."
 "https::CRLFile::<replaceable>host</replaceable></literal>.  As with the "
 "previous option, a file in PEM format needs to be specified."
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><title>
@@ -10225,15 +10233,15 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><refsect2><para>
 #: apt-transport-https.1.xml
 msgid ""
 "When authenticating the server, if the certificate verification fails for "
 "some reason (expired, revoked, man in the middle, …), the connection fails.  "
 "During server authentication, if certificate verification fails for some "
 "reason (expired, revoked, man in the middle, etc.), the connection fails.  "
 "This is obviously what you want in all cases and what the default value "
 "(true)  of the option <literal>Acquire::https::Verify-Peer</literal> and its "
 "host-specific variant provides. If you know <emphasis>exactly</emphasis> "
 "what you are doing, setting this option to \"false\" allows you to skip peer "
 "certificate verification and make the exchange succeed. Again, this option "
 "is for debugging or testing purpose only as it removes all security provided "
 "by the use of HTTPS."
 "what you are doing, setting this option to \"<literal>false</literal>\" "
 "allows you to skip peer certificate verification and make the exchange "
 "succeed. Again, this option is for debugging or testing purposes only as it "
 "removes all security provided by the use of HTTPS."
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><para>
@@ -10246,8 +10254,8 @@ msgid ""
 "2818, the name of the mirror is checked against the identity found in the "
 "certificate. This default behavior is safe and should not be changed, but if "
 "you know that the server you are using has a DNS name which does not match "
 "the identity in its certificate, you can set the option to \"false\", which "
 "will prevent the comparison to be done."
 "the identity in its certificate, you can set the option to \"<literal>false</"
 "literal>\", which will prevent the comparison from being performed."
 msgstr ""

 #. type: Content of: <refentry><refsect1><refsect2><title>
@@ -10258,10 +10266,10 @@ msgstr ""
 #. type: Content of: <refentry><refsect1><refsect2><para>
 #: apt-transport-https.1.xml
 msgid ""
 "Beside the password based authentication available (see &apt-authconf;) "
 "HTTPS supports authentication based on client certificates as well via "