Bug#774838: weboob: insecure keyring handling

2015-01-10 Thread Cyril Brulebois
Hi, and sorry for the lag, been busy with some offline things.

Romain Bignon (2015-01-08):
> On 08/Jan - 11:11, Cyril Brulebois wrote:
> > I would expect the Debian packages to contain some kind of trust chain
> > to bootstrap the keyring handling, and weboob to abort instead of
> > “blindly acc

Bug#774838: weboob: insecure keyring handling

2015-01-08 Thread Romain Bignon
Hi,

On 08/Jan - 11:11, Cyril Brulebois wrote:
> I would expect the Debian packages to contain some kind of trust chain
> to bootstrap the keyring handling, and weboob to abort instead of
> “blindly accepting” in other cases.

You're right we should have the official keyring distributed in the Debi

Bug#774838: weboob: insecure keyring handling

2015-01-08 Thread Cyril Brulebois
Package: weboob
Version: 1.0-2
Severity: grave
Tags: security
Justification: security hole

Hi,

the keyring handling when adding a remote repository is… scary. Quoting weboob/core/repositories.py:

| if not keyring.exists() or self.key_update > keyring.version:
|     # This is a rem
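The bug report above quotes the `if not keyring.exists() or self.key_update > keyring.version:` condition, and the two follow-ups converge on the same remedy: ship the official keyring in the Debian package as the trust root, and have weboob abort rather than accept a remote keyring it cannot verify. The script below is an added illustration of that contrast, written for this page and not taken from weboob. `BlindKeyringStore`, `BootstrappedKeyringStore`, `KeyringError`, the version numbers, the "official"/"attacker" key ids and the textbook-RSA signing routine (a stand-in for the OpenPGP signatures a real keyring carries) are all constructed for the example.

```python
"""Keyring bootstrap trust: the blind-accept pattern beside a verified one.

Added example for the bug thread above; it is not weboob's code. The
signature scheme is textbook RSA over fixed Mersenne primes, constructed
here only so the trust decisions can be exercised offline. It is not secure.
"""
import hashlib
import json


class KeyringError(Exception):
    """Raised when the keyring cannot be trusted; the caller must abort."""


# ---- toy signing primitive (constructed stand-in for OpenPGP, NOT secure) ----
def make_keypair(p, q, e=65537):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return {"n": n, "e": e}, {"n": n, "d": d}


def _digest_int(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data):
    return pow(_digest_int(data, priv["n"]), priv["d"], priv["n"])


def verify(pub, data, signature):
    return pow(signature, pub["e"], pub["n"]) == _digest_int(data, pub["n"])


def canonical(keyring):
    """Stable byte form of a keyring so a signature covers exactly one encoding."""
    return json.dumps(keyring, sort_keys=True, separators=(",", ":")).encode()


# ---- the pattern criticised in the bug report ----
class BlindKeyringStore:
    """No local keyring, or a newer remote version, means the remote keyring
    is taken wholesale: whoever controls the repository controls trust."""

    def __init__(self, local=None):
        self.keyring = local

    def add_repository(self, remote_keyring, key_update):
        if self.keyring is None or key_update > self.keyring["version"]:
            self.keyring = remote_keyring  # accepted without any verification
            return "accepted"
        return "kept"


# ---- the behaviour the reporter asks for ----
class BootstrappedKeyringStore:
    """Trust starts from the keyring shipped with the package. A replacement
    keyring is accepted only if it is signed by a key that is already trusted
    and only if its version moves forward; anything else aborts."""

    def __init__(self, packaged_keyring):
        if not packaged_keyring or not packaged_keyring.get("keys"):
            raise KeyringError("no bootstrap keyring shipped; refusing to proceed")
        self.keyring = packaged_keyring

    def add_repository(self, remote_keyring, signature, signer_id):
        pub = self.keyring["keys"].get(signer_id)
        if pub is None:
            raise KeyringError(f"keyring update signed by unknown key {signer_id!r}")
        if not verify(pub, canonical(remote_keyring), signature):
            raise KeyringError("keyring update signature does not verify")
        if remote_keyring["version"] <= self.keyring["version"]:
            raise KeyringError("keyring update does not move the version forward")
        self.keyring = remote_keyring
        return "accepted"


def demo():
    """Run both stores against a constructed hostile repository; return outcomes."""
    official_pub, official_priv = make_keypair((1 << 61) - 1, (1 << 31) - 1)
    attacker_pub, attacker_priv = make_keypair((1 << 89) - 1, (1 << 107) - 1)
    packaged = {"version": 1, "keys": {"official": official_pub}}
    # Constructed attacker repository: its keyring carries only the attacker's
    # key and a large version number to outrank whatever the client already has.
    hostile = {"version": 99, "keys": {"attacker": attacker_pub}}
    out = {}

    out["blind_no_local"] = BlindKeyringStore(None).add_repository(hostile, 99)
    out["blind_with_local"] = BlindKeyringStore(packaged).add_repository(hostile, 99)

    store = BootstrappedKeyringStore(packaged)
    try:
        store.add_repository(hostile, sign(attacker_priv, canonical(hostile)), "attacker")
        out["verified_hostile"] = "accepted"
    except KeyringError as exc:
        out["verified_hostile"] = f"aborted: {exc}"
    out["still_official"] = ("official" in store.keyring["keys"]
                             and "attacker" not in store.keyring["keys"])

    # A legitimate rotation signed by the already-trusted official key goes through.
    rotated = {"version": 2, "keys": {"official": official_pub}}
    out["verified_rotation"] = store.add_repository(
        rotated, sign(official_priv, canonical(rotated)), "official")
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The two blind cases show the problem the report describes: with no local keyring, or with a remote `key_update` larger than the local version, the repository's keyring simply replaces the client's, so the attacker's key becomes the trust root. The bootstrapped store refuses to start without a packaged keyring, rejects a keyring signed by a key it does not already trust, and still accepts a genuine rotation signed by the packaged key.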