Bug#545900: pbuilder uses debootstrap in am insecure way
Loïc Minier
lool at dooz.org
Wed Dec 30 10:44:29 UTC 2009
tag 545900 + confirmed
stop
On Wed, Sep 09, 2009, Christoph Anton Mitterer wrote:
> I've seen that you cache packages in /var/cache/pbuilder/aptcache
> How are these retrieved? Are they verified against the archive keyrings?
pbuilder has historically passed
Aptitude::CmdLine::Ignore-Trust-Violations=true when installing
packages with aptitude and -y --force-yes when installing packages with
apt-get, so missing or incorrect signatures wont prevent a package from
being installed.
--
Loïc Minier
More information about the Pbuilder-maint
mailing list