Am 18.02.2012 16:18, schrieb Jakub Wilk:
The bug is closed. Am I missing something?
But anyway, this is saddening. Hundreds (? - wild guess) of
developers have been building their packages in insecure environment,
yet pbuilder maintainer and a member of Security Team believe that it
was a feature, not a bug. :|
And looking at my current sid pbuilderrc manpage I read at least:
APTGETOPT=('--force-yes')
Extra flags to give to apt-get. Default is --force-yes,
which
will skip key verification of packages to be installed.
Unset if
you want to enable key verification.
=> what does verification mean here?
and
PBUILDERSATISFYDEPENDSOPT=('--check-key')
Array of flags to give to pbuilder-satisfydepends.
Specifying
--check-key here will try to verify key signatures.
=> "try"? Doesn't sound trustworthy at least :(
Cheers,
Chris.
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/42cef275f2916e38bd6cb5c037dcc...@scientia.net
