Bug#579028: workaround
Helmut Grohne
helmut at subdivi.de
Fri Mar 2 21:47:53 UTC 2012
As Ansgar Burchard pointed out the default pbuilder configuration does
not enforce usage of signed packages. If you are quick, you can spot a
warning about an unverified signature. Since version 0.199 there is a
way to turn on enforced signature verification. The method is documented
both in man pbuilderrc and the changelog and is to set the following
option.
PBUILDERSATISFYDEPENDSOPT=('--check-key')
Now the bad thing is that according to man pbuilderrc the default value
for PBUILDERSATISFYDEPENDSCMD is aptitude which does not permit unsigned
repositories. This suggests that it would actually check those
signatures in the default configuration. This way of pretending false
security is dangerous and I totally agree that this is a security issue.
On the other hand Junichi Uekawa already did the work of solving this
issue and just did not enable the check by default. Maybe tech-ctte
needs to decide?
Helmut
More information about the Pbuilder-maint
mailing list