[apt-build-devel] Bug#659015: apt-build disables apt's signature verification
apt-build development list
apt-build-devel at lists.alioth.debian.org
Mon Mar 30 21:39:16 UTC 2015
Hi Ansgar,
Ansgar Burchardt wrote:
> apt-build unconditionally passes -o Apt::Get::AllowUnauthenticated=true
> to apt-get, that is it disables *all* signature checks allowing MitM
> attacks to serve malicious data.
Thanks for the heads up. I'll have a look into it and will publish my
proposed QA upload for review as git repo somewhere on Alioth, maybe
collab-maint.
Dominique: Please respond if you (as last uploader) are also working
on a fix for this so that we can avoid duplicated work.
Regards, Axel
--
,''`. | Axel Beckert <abe at debian.org>, http://people.debian.org/~abe/
: :' : | Debian Developer, ftp.ch.debian.org Admin
`. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
`- | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
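
An added example, not part of the original message or of apt-build: a shell check that flags scripts and apt configuration fragments which set the option quoted above, or its `--allow-unauthenticated` command-line form, to a true value. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Flag places where apt's signature verification is switched off.
# Limitation: only the flat "APT::Get::AllowUnauthenticated ..." spelling is
# matched, not the nested "APT { Get { ... } }" form of apt.conf.

# scan_apt_auth_overrides PATH...
# Prints "file:line:text" per finding; returns 1 if anything was found, else 0.
scan_apt_auth_overrides() {
    found=$(grep -rnHiE \
        -e 'apt::get::allowunauthenticated[[:space:]="]*(true|yes|on|with|enable|1)' \
        -e '--allow-unauthenticated' \
        -- "$@" 2>/dev/null |
        grep -vE '^[^:]+:[0-9]+:[[:space:]]*(#|//)' || true)  # drop comment lines
    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found"
    return 1
}

# Build a constructed sample tree: two real overrides, one explicit "false",
# one commented-out setting. Prints the directory name.
make_constructed_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#!/bin/sh' \
        'apt-get -o Apt::Get::AllowUnauthenticated=true install hello' \
        > "$d/wrapper.sh"
    printf '%s\n' 'APT::Get::AllowUnauthenticated "true";'    > "$d/60bad"
    printf '%s\n' 'APT::Get::AllowUnauthenticated "false";'   > "$d/50ok"
    printf '%s\n' '// APT::Get::AllowUnauthenticated "true";' > "$d/99commented"
    printf '%s\n' "$d"
}

# Demo on the constructed sample.
sample=$(make_constructed_sample)
scan_apt_auth_overrides "$sample" ||
    echo "signature checks are overridden in the files listed above"
rm -rf "$sample"
```

On a real system the function would be pointed at `/etc/apt/apt.conf`, `/etc/apt/apt.conf.d` and any wrapper scripts that invoke apt-get.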