Package: debian-installer
Severity: normal
Tags: d-i

Hello,

debian-installer should create /etc/apt/sources.list (or
/etc/apt/sources.list.d/debian.sources) with:

[signed-by=/usr/share/keyrings/debian-archive-keyring.gpg]

With the current implementation any owner of a 3rd-party repository installed 
into /etc/apt/trusted* could impersonate the official Debian repositories.

(I have not investigated if per-release keyrings from debian-archive-keyring 
can be used reliably instead, but there is no keyring for bullseye right now.)


Regards
Timo
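
Added example, not part of the original report and not debian-installer code: a small audit that lists APT source entries with no signed-by pin, i.e. entries that are verified against every key in the global trusted keyrings. The function names and sample inputs (including repo.example.org) are constructed for illustration.

```python
import re

# Constructed sample inputs, not taken from a real system.
SAMPLE_LIST = """\
deb http://deb.debian.org/debian bullseye main
deb [signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] http://security.debian.org/debian-security bullseye-security main
deb [arch=amd64] https://repo.example.org/apt stable main  # third-party
"""
SAMPLE_SOURCES = """\
Types: deb
URIs: http://deb.debian.org/debian
Suites: bullseye bullseye-updates
Components: main
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
"""

ONE_LINE = re.compile(
    r"^(?:deb|deb-src)\s+(?:\[(?P<opts>[^\]]*)\]\s+)?(?P<uri>\S+)\s+(?P<suite>\S+)")

def audit_one_line(text):
    """Parse one-line-style sources.list text into (uri, suite, signed_by)."""
    out = []
    for raw in text.splitlines():
        m = ONE_LINE.match(raw.split("#", 1)[0].strip())
        if not m:
            continue  # blank line, comment, or not a source entry
        opts = dict(o.split("=", 1) for o in (m.group("opts") or "").split() if "=" in o)
        out.append((m.group("uri"), m.group("suite"), opts.get("signed-by")))
    return out

def audit_deb822(text):
    """Parse deb822-style .sources text into (uri, suite, signed_by)."""
    out = []
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields, key = {}, None
        for line in stanza.splitlines():
            if line.startswith("#"):
                continue
            if line[:1] in (" ", "\t") and key:      # continuation line
                fields[key] += " " + line.strip()
            elif ":" in line:
                key, val = line.split(":", 1)
                key = key.strip().lower()            # field names are case-insensitive
                fields[key] = val.strip()
        for uri in fields.get("uris", "").split():
            for suite in fields.get("suites", "").split():
                out.append((uri, suite, fields.get("signed-by") or None))
    return out

def unpinned(entries):
    """Entries that fall back to the global trusted keyrings."""
    return [(uri, suite) for uri, suite, key in entries if not key]
```
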
