Hi,

> > > Something I found on the Ubuntu site suggested to solve this problem
> > > by setting apt up to install a file in /etc/apt/apt.conf.d to set
> > > APT::Get::AllowUnauthenticated to 1.  I think this would be better
> > > than either using --force-yes or trying to determine whether
> > > --allow-unauthenticated will be allowed.
> > 
> > That sounds nice.
> > I'm not sure if older apt will choke on unknown configuration options.
> 
> No, it won't.  But for the sake of security and testing the functionality,
> please don't make this the default, and allow the user to enable it only if
> they use unsigned archives.

1. I am convinced apt/gpg is even useful for pbuilder, support 
  should be added

2. 'How' is not quite decided, so pbuilder will ignore authentication 
  for the time being in 0.128, since it's completely broken right now.
  Maybe for 0.129, I'll try and figure out a way to get hooks.


line of thought:

To use Debian only, is the only thing required in the chroot, 
gnupg package? (since there seems to be already /etc/apt/trusted.gpg)

If so, then it would be trivial to add a hook somewhere to 
just install gnupg package.

Having hooks to add more trusted keys would probably be doable through
hook scripts in 'pbuilder update'; 
but I will need to investigate as to their timings.


That said, I'm quite ambivalent about adding support for 
authentication in pbuilder create since it's fetching 
apt.deb containing *-archive.gpg files and downloading files
in one go; but even then it will be a protection against 
compromise between later 'pbuilder update' runs.


regards,
        junichi

-- 
Junichi Uekawa, Debian Developer   http://www.netfort.gr.jp/~dancer/
183A 70FC 4732 1B87 57A5  CE82 D837 7D4E E81E 55C1 
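
Added example, not part of the original message or of pbuilder: a shell check that reports which apt configuration fragments inside a chroot turn on the APT::Get::AllowUnauthenticated option discussed above, so an opt-in for unsigned archives stays visible. The function names and the sample tree are constructed for illustration, and only the flat `Name "value";` syntax is matched, not nested `APT { Get { ... } }` scopes.

```shell
#!/bin/sh
# Added example; function names and the sample chroot tree are constructed.

# Print "path:line" (path relative to the chroot root) for every flat-syntax
# setting under <root>/etc/apt that enables APT::Get::AllowUnauthenticated.
find_unauth_apt_conf() {
    root=$1
    for f in "$root/etc/apt/apt.conf" "$root"/etc/apt/apt.conf.d/*; do
        [ -f "$f" ] || continue
        # Strip // comments (line numbers are preserved), then match the
        # option name case-insensitively with a value apt treats as true.
        sed 's|//.*||' "$f" | grep -niE \
            'APT::Get::AllowUnauthenticated[[:space:]]+"?(1|true|yes|on|with|enable)"?[[:space:]]*;' |
            while IFS=: read -r n rest; do
                printf '%s:%s\n' "${f#"$root"}" "$n"
            done
    done
}

# Build a constructed chroot tree with one offending fragment and scan it.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/etc/apt/apt.conf.d"
    # Fragment of the kind proposed in the thread: authentication disabled.
    printf '%s\n' '// local archive is unsigned' \
        'APT::Get::AllowUnauthenticated "1";' \
        > "$tmp/etc/apt/apt.conf.d/99unsigned"
    # Fragment where the option is only mentioned inside a comment.
    printf '%s\n' '// APT::Get::AllowUnauthenticated "true";' \
        'APT::Get::Assume-Yes "true";' \
        > "$tmp/etc/apt/apt.conf.d/10defaults"
    find_unauth_apt_conf "$tmp"
    rm -rf "$tmp"
}

demo
```

An empty result means no flat-syntax fragment in that tree disables authentication.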

