Having an option to require a trust path would be good. It can be off by default to avoid compatibility issues and creeping security lax.
As it stands, there is no convenient way to require signature verification with debootstrap itself, so I'm currently working around it with an additional script before running debootstrap. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
