Sounds like an idea. The point I'm trying to make is that the average user should be able to expect that the default packages that ship are in a way safe. And cache poisoning has become a lot more common than maybe 10 years ago, as new techniques are found (think of the DNS flaw mid 2008 by Dan Kaminsky).
If upstream doesn't care about this bug, it's their decision, but it's also Ubuntu's responsibility to decide what is safe and what is not for Ubuntu. And if I had the voting power, I'd say this *is* a showstopper for jaunty, and should be addressed in intrepid, too. -- Adept does not warn if packages are unsigned https://bugs.launchpad.net/bugs/256245 You received this bug notification because you are a member of Kubuntu Bugs, which is subscribed to adept in ubuntu. -- kubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs
