Christoph Anton Mitterer wrote: > So I suggest that it should be changed the follwing way,... > that if no --keyring is given, neither debian-archive-keyring is > installed (and usable)... debootstrap should fail (unless --no-check-gpg > is given). > > I don't think this will break a lot, as most systems will probably have > debian-archive-keyring installed.
debootstrap is used on a wide variety of non-debian systems, which do not have it installed, and probably have no trust path to securely install the debian keyring. Given that apt already depends on debian-archive-keyring, it's unlikely that a debian system does not have it installed. -- see shy jo
signature.asc
Description: Digital signature
