Ah yes, apt-key still needs a fix to validate the downloaded key.
Reopening.
I wish we could actually validate the web of trust on PPA keys instead
of solely relying on key ids though.
** Also affects: apt (Ubuntu)
Importance: Undecided
Status: New
** Changed in: apt (Ubuntu Hardy)
Status: New => Confirmed
** Changed in: apt (Ubuntu Lucid)
Status: New => Confirmed
** Changed in: apt (Ubuntu Natty)
Status: New => Confirmed
** Changed in: apt (Ubuntu Oneiric)
Status: New => Confirmed
** Changed in: apt (Ubuntu Precise)
Status: New => Confirmed
** Changed in: apt (Ubuntu Quantal)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1016643
Title:
add-apt-repository downloads gpg key in an insecure fashion
To manage notifications about this bug go to:
https://bugs.launchpad.net/gnupg/+bug/1016643/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
