Am 18.02.2012 14:34, schrieb Neil Williams:
>- packages that eventually run some code which was downloaded
>unsecured.
>debootstrap used to be like that, pbuilder, and some others
Only a bug if this happens by default.
It is perfectly acceptable to support an option to disable SecureApt
-
just as long as this is not the default. Tools in Debian need to work
with systems outside Debian and those do not necessarily *need*
SecureApt because the entire loop is internal or even local to the
one
machine.
Agreed,.... but it WAS the default till recently,.. e.g. in debootstrap
till 1.0.30, when my bug #560038 was fixed (thanks Joey :) ).
And of course anything that used debootstrap (e.g. pbuilder, piuparts
do so) was automatically insecure, too. (till then)
Cheers,
Chris.
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/121005584832f4d35086604441f21...@scientia.net
