Bug#579028: pbuilder: installs untrusted packages without asking

2012-03-09 Thread Thorsten Glaser
Junichi Uekawa dixit: >I don't share the opinion that this should be a grave bug to change >the default, and in order to change the default you need to deprecate >a command-line option and introduce two new command-line options when >you could have

Bug#579028: pbuilder: installs untrusted packages without asking

2012-03-09 Thread Junichi Uekawa
At Tue, 06 Mar 2012 02:29:25 +0100, Simon Ruderich wrote: > > Package: pbuilder > Version: 0.206 > Tags: patch > Followup-For: Bug #579028 > > Dear Maintainer, > > The attached patch changes the defaults to always enforce signed > repositori

Bug#579028: pbuilder: installs untrusted packages without asking

2012-03-09 Thread Junichi Uekawa
At Tue, 06 Mar 2012 02:29:25 +0100, Simon Ruderich wrote: > > Package: pbuilder > Version: 0.206 > Tags: patch > Followup-For: Bug #579028 > > Dear Maintainer, > > The attached patch changes the defaults to always enforce signed > re

Bug#579028: pbuilder: installs untrusted packages without asking

2012-03-05 Thread Simon Ruderich
On Tue, Mar 06, 2012 at 02:29:25AM +0100, Simon Ruderich wrote: > I tested it with the official Debian repository, signed and > unsigned local repositories and it works fine for me. But I'm > only a "normal" pbuilder user, so I might have missed some

Bug#579028: pbuilder: installs untrusted packages without asking

2012-03-05 Thread Simon Ruderich
Package: pbuilder Version: 0.206 Tags: patch Followup-For: Bug #579028 Dear Maintainer, The attached patch changes the defaults to always enforce signed repositories and aborts if an untrusted/manipulated package is installed. It adds the new optio

Bug#579028: pbuilder: installs untrusted packages without asking

2012-02-23 Thread Thorsten Glaser
Ansgar Burchardt dixit: >decided to reopen it. I do not believe a package in Debian should >disable secure apt by default, allowing a man-in-the-middle to take over >the system. > >This is even more so for a package that is used by many people to >

Bug#579028: pbuilder: installs untrusted packages without asking

2010-06-24 Thread Junichi Uekawa
At Fri, 11 Jun 2010 18:20:58 -0700, Vagrant Cascadian wrote: > > > in pbuilder-satisfydepends-aptitude: $CHROOTEXEC aptitude -y > --without-recommends -o APT::Install-Recommends=false -o > Aptitude::CmdLine::Ignore-Trust-Violations=true -o > Aptitude::ProblemResolver::StepScore=100 install

Bug#579028: pbuilder: installs untrusted packages without asking

2010-06-24 Thread Junichi Uekawa
At Sun, 25 Apr 2010 00:01:36 +0900, Ansgar Burchardt wrote: > > Package: pbuilder > Version: 0.196 > Severity: grave > Tags: security > Justification: user security hole > > Hi, > > pbuilder will by default install packages from untrusted sources. This > means the system can be compromised by a

Bug#579028: pbuilder: installs untrusted packages without asking

2010-06-19 Thread Junichi Uekawa
severity wishlist thanks At Sun, 25 Apr 2010 00:01:36 +0900, Ansgar Burchardt wrote: > > Package: pbuilder > Version: 0.196 > Severity: grave > Tags: security > Justification: user security hole > > Hi, > > pbuilder will by default install packages from untrusted sources. This > means the syst

Bug#579028: pbuilder: installs untrusted packages without asking

2010-06-12 Thread Loïc Minier
On Fri, Jun 11, 2010, Vagrant Cascadian wrote: > 2007-04-22 Loic Minier > > * pbuilder-satisfydepends-aptitude: Pass > Aptitude::ProblemResolver::StepScore and > Aptitude::CmdLine::Ignore-Trust-Violations flags to aptitude to > help resolve complex situations rela

Bug#579028: pbuilder: installs untrusted packages without asking

2010-06-11 Thread Vagrant Cascadian
in pbuilder-satisfydepends-aptitude: $CHROOTEXEC aptitude -y --without-recommends -o APT::Install-Recommends=false -o Aptitude::CmdLine::Ignore-Trust-Violations=true -o Aptitude::ProblemResolver::StepScore=100 install pbuilder-satisfydepends-dummy I don't know if the other satisfydepends sc

Bug#579028: pbuilder: installs untrusted packages without asking

2010-04-24 Thread Ansgar Burchardt
Package: pbuilder Version: 0.196 Severity: grave Tags: security Justification: user security hole Hi, pbuilder will by default install packages from untrusted sources. This means the system can be compromised by a man in the middle providing malicious packages. There also seems no way to get pb