On Fri, 2015-05-15 at 04:58 +0200, Cyril Brulebois wrote: > Control: tag -1 pending > > jnqnfe <jnq...@gmail.com> (2015-01-15): > > Package: debootstrap > > Severity: important > > Tags: security patch > > > > In the event of a GPG keyring not being found, debootstrap may fallback > > to the alternative security of an https mirror. > > > > Users lacking the requisite GPG keyring file (or perhaps just making a > > typo in their parameters) may not necessarily be satisfied with the > > security of https. They might like a choice of simply receiving an error > > instead, prompting them to investigate and resolve the missing keyring > > issue, and should not be expected to have to take care to watch the log > > output to check the file was found and if not then terminate the process > > in such cases. > > > > The attached patch adds a simple new --no-https-fallback parameter to > > provide users with control over the fallback behaviour. > > > > Note, this patch builds upon my patches for bugs #661501 and #775449; I > > haven't checked whether conflicts occur if applying it without those > > already in place, applogies for that, I have a lot of work to do. > > I've implemented a slightly modified version of your patch. Feel free to > follow up in case I missed something: > https://anonscm.debian.org/cgit/d-i/debootstrap.git/commit/?id=be99f7b > > Mraw, > KiBi.
Looks good to me! :) -- To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1431699119.1981.0.ca...@gmail.com
