Bug#659015: apt-build disables apt's signature verification

2015-03-31 Ansgar Burchardt
Axel Beckert a...@debian.org writes: I've though observed two possibly minor issues with it: * An existing /etc/apt/sources.list.d/apt-build.list is not updated to add [trusted=yes]. Could probably be added in postinst (apt-build.list is not a conffile), e.g. something like sed -i

Bug#659015: apt-build disables apt's signature verification

2015-03-31 Axel Beckert
Control: tag -1 + pending Hi, Ansgar Burchardt wrote: Axel Beckert a...@debian.org writes: I've though observed two possibly minor issues with it: * An existing /etc/apt/sources.list.d/apt-build.list is not updated to add [trusted=yes]. Could probably be added in postinst

Processed: Re: Bug#659015: apt-build disables apt's signature verification

2015-03-31 Debian Bug Tracking System
Processing control commands: tag -1 + pending Bug #659015 [apt-build] apt-build: disables apt's signature checking Added tag(s) pending. -- 659015: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659015 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To

Processed: Bug#659015: apt-build disables apt's signature verification

2015-03-30 Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: retitle 659015 apt-build: disables apt's signature checking Bug #659015 [apt-build] Sign apt-build repository Changed Bug title to 'apt-build: disables apt's signature checking' from 'Sign apt-build repository' severity 659015 grave Bug #659015

Bug#659015: apt-build disables apt's signature verification

2015-03-30 Axel Beckert
Hi Ansgar, Axel Beckert wrote: Ansgar Burchardt wrote: apt-build unconditionally passes -o Apt::Get::AllowUnauthenticated=true to apt-get, that is it disables *all* signature checks allowing MitM attacks to serve malicious data. Thanks for the heads up. I'll have a look into it and will

Bug#659015: apt-build disables apt's signature verification

2015-03-30 Axel Beckert
Hi Ansgar, Ansgar Burchardt wrote: apt-build unconditionally passes -o Apt::Get::AllowUnauthenticated=true to apt-get, that is it disables *all* signature checks allowing MitM attacks to serve malicious data. Thanks for the heads up. I'll have a look into it and will publish my proposed QA