Having an option to require a trust path would be good. It can be off by default to avoid compatibility issues and creeping security lax.
As it stands, there is no convenient way to require signature verification with debootstrap itself, so I'm currently working around it with an additional script before running debootstrap. -- To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/52f0c404.5030...@opera.com
