Bug#579028: pbuilder: installs untrusted packages without asking
Ansgar Burchardt
ansgar at debian.org
Thu Feb 23 22:08:45 UTC 2012
notfixed 579028 0.199
severity 579028 grave
thanks
A recent discussion reminded me of this bug and after some thinking I
decided to reopen it. I do not believe a package in Debian should
disable secure apt by default, allowing a man-in-the-middle to take over
the system.
This is even more so for a package that is used by many people to
produce binaries for the archive and is likely to be run on systems
having sensitive data (such as pgp keys).
Regards,
Ansgar
More information about the Pbuilder-maint
mailing list