Bug#579028: pbuilder: installs untrusted packages without asking

Ansgar Burchardt ansgar at debian.org
Thu Feb 23 22:08:45 UTC 2012


notfixed 579028 0.199
severity 579028 grave
thanks

A recent discussion reminded me of this bug and after some thinking I
decided to reopen it.  I do not believe a package in Debian should
disable secure apt by default, allowing a man-in-the-middle to take over
the system.

This is even more so for a package that is used by many people to
produce binaries for the archive and is likely to be run on systems
having sensitive data (such as pgp keys).

Regards,
Ansgar





More information about the Pbuilder-maint mailing list