Enrico Zini <[EMAIL PROTECTED]> writes:

> I noticed that when I use sbuild+schroot to build my own packages, apt
> signature checking is turned off.  I tried to turn it on, but it
> requires patching /usr/share/perl5/Sbuild/Chroot.pm, as (unless I
> misread the code) disabling signature checking is currently hardcoded in
> sbuild:

This is correct.  This was done when signature checking was new, but
this is probably no longer appropriate.

There was also originally some concern that having signature-checking
tools inside a "minimal" chroot was not appropriate; I'm not sure if
this is still seen as a concern.

> I don't want to upload packages built with untrusted build-deps, so at
> them moment I'm not using sbuild (I might make myself a patched version
> now that I dug out the code).

> I'd say however that once the feature is implemented it should be
> enabled by default: it's supposed to be getting quite easy to attack
> random DDs' DNSes and hijack their debian mirrors.

Agreed.  I'll be happy to remove the hard-coding and make it
configurable.  I'm quite short of time ATM, so a patch would make it
much quicker.

The sbuild-createchroot script should ideally also set up the chroot
with the correct signatures in order to validate the mirror.  I'm not
too familiar with this part, so if it's possible to automate apt-key
usage as part of the debootstrap part, that would be great.


Regards,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.

Attachment: pgpYbu3iW4gby.pgp
Description: PGP signature

Reply via email to