Package: apt
Version: 1.4.8
Severity: wishlist

Dear Maintainer,

Aptitude developers have taken the liberty of deciding for everyone subjectively what quality of cryptographic signature is adequate for everyone in a single sweeping decision, without knowing the individual threat models and assets that the decision is trying to protect. This decision is in the wrong hands. Sys admins are accountable for the security of the systems they control, and so responsibility and control should go to the same people who have accountability.

Specifically, consider the SHA1 removal, documented here:

https://wiki.debian.org/Teams/Apt/Sha1Removal

If the apt team must decide on everyone's security standards, blocking SHA1 was a good move. But that's not the case. The apt suite of tools could have some sensible defaults as far as which signing algorithms are accepted or not, but ultimately the admin should be in control of her own system. Maybe an admin finds SHA256 insufficient, and requires an even higher standard. Who is the apt team to tell her which algorithm she may and may not trust?

There is a hack to say trust all, which can even be used on a per-repository basis or all repositories, but this is the wrong mechanism as it disables validity checking entirely. The sys admin should control which algorithms are fit for purpose, and the apt tool should check validity on admin-permitted algorithms.

-- Package-specific info:

-- (no /etc/apt/preferences present) --

-- (no /etc/apt/preferences.d/* present) --

-- (/etc/apt/sources.list present, but not submitted) --

-- (/etc/apt/sources.list.d/gc2latex.list present, but not submitted) --

-- (/etc/apt/sources.list.d/gc2latex.list.save present, but not submitted) --

-- (/etc/apt/sources.list.d/gc2latex.list~ present, but not submitted) --

-- (/etc/apt/sources.list.d/ring-nightly-main.list present, but not submitted) --

-- (/etc/apt/sources.list.d/ring-nightly-main.list.save present, but not submitted) --

-- System Information:
Debian Release: 9.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=1508228706 WARNING torsocks[12992]: [syscall] Unsupported syscall number 217. Denying the call (in tsocks_syscall() at syscall.c:488) UTF-8), LANGUAGE=en_US.UTF-8 (charmap=1508228706 WARNING torsocks[12994]: [syscall] Unsupported syscall number 217. Denying the call (in tsocks_syscall() at syscall.c:488) UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apt depends on:
ii  adduser                 3.115
ii  debian-archive-keyring  2017.5
ii  gpgv                    2.1.18-8~deb9u1
ii  init-system-helpers     1.48
ii  libapt-pkg5.0           1.4.8
ii  libc6                   2.24-11+deb9u1
ii  libgcc1                 1:6.3.0-18
ii  libstdc++6              6.3.0-18

Versions of packages apt recommends:
ii  gnupg  2.1.18-8~deb9u1

Versions of packages apt suggests:
pn  apt-doc         <none>
ii  aptitude        0.8.7-1
ii  dpkg-dev        1.18.24
ii  powermgmt-base  1.31+nmu1
pn  python-apt      <none>
ii  synaptic        0.84.2

-- debconf information excluded
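
Added example, not part of the bug report and not apt's own code: a sketch of the requested behaviour, where signatures are still verified by gpgv and an admin-supplied digest allowlist decides which valid signatures count. It relies on the `VALIDSIG` status line that gpgv writes to `--status-fd`; `ADMIN_ALLOWED`, `check_status` and the sample lines are hypothetical names and constructed data.

```python
# Added example: apply an admin-chosen digest policy to gpgv status output.
# Hash IDs are the OpenPGP algorithm numbers from RFC 4880, section 9.4.
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}

# Hypothetical admin policy, stricter than a SHA256 floor.
ADMIN_ALLOWED = frozenset({"SHA384", "SHA512"})


def check_status(status_text, allowed=ADMIN_ALLOWED):
    """Return (accepted, notes) for the text gpgv writes to --status-fd.

    Only VALIDSIG lines count. A signature whose digest is not in `allowed`
    (or is unknown) is discarded, and the file is accepted only if at least
    one signature survives, so verification stays on for every algorithm.
    """
    good, notes = [], []
    for line in status_text.splitlines():
        f = line.split()
        if len(f) < 2 or f[0] != "[GNUPG:]" or f[1] != "VALIDSIG":
            continue
        # After the keyword: fpr, date, sig time, expiry, sig version,
        # reserved, pubkey algo, hash algo, sig class, [primary key fpr].
        if len(f) < 11 or not f[9].isdigit():
            notes.append("malformed VALIDSIG line ignored")
            continue
        name = HASH_NAMES.get(int(f[9]))  # None for unknown IDs: fail closed
        if name in allowed:
            good.append(f[2])
            notes.append(f"{f[2]}: {name} accepted")
        else:
            notes.append(f"{f[2]}: {name or 'digest ' + f[9]} rejected by policy")
    return bool(good), notes


def _validsig(fpr, hash_id):
    # Constructed status line (made-up fingerprint and timestamps).
    return f"[GNUPG:] VALIDSIG {fpr} 2017-07-14 1500000000 0 4 0 1 {hash_id} 00 {fpr}"


SAMPLE_SHA1 = _validsig("A" * 40, 2)
SAMPLE_SHA256 = _validsig("B" * 40, 8)
SAMPLE_SHA512 = _validsig("C" * 40, 10)

if __name__ == "__main__":
    for s in (SAMPLE_SHA1, SAMPLE_SHA256, SAMPLE_SHA512):
        print(check_status(s))
```

Unlike the trust-all override the report mentions, a rejected digest here only removes that signature from consideration; an unsigned or badly signed file is still refused.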