APT policy facts

Something I learned today: APT policy will ignore release information from the repository if it can’t verify the repository signature. When that happens, any pinning rules that try to match release information won’t fire. This happens even if you force it to install untrusted packages.