Bug#545900: pbuilder uses debootstrap in am insecure way
Christoph Anton Mitterer
christoph.anton.mitterer at physik.uni-muenchen.de
Wed Dec 30 12:28:58 UTC 2009
On Wed, 2009-12-30 at 11:44 +0100, Loïc Minier wrote:
> pbuilder has historically passed
> Aptitude::CmdLine::Ignore-Trust-Violations=true when installing
> packages with aptitude and -y --force-yes when installing packages with
> apt-get, so missing or incorrect signatures wont prevent a package from
> being installed.
I'd suggest to change this behaviour to something more secure ;)
Cheers,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3387 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pbuilder-maint/attachments/20091230/3beb1280/attachment.bin>
More information about the Pbuilder-maint
mailing list