On 18.02.2012 14:34, Neil Williams wrote:
> > - packages that eventually run some code which was downloaded unsecured.
> > debootstrap used to be like that, pbuilder, and some others
>
> Only a bug if this happens by default.
>
> It is perfectly acceptable to support an option to disable SecureApt -
> just as long as this is not the default. Tools in Debian need to work
> with systems outside Debian and those do not necessarily *need*
> SecureApt because the entire loop is internal or even local to the one
> machine.

Agreed... but it WAS the default till recently, e.g. in debootstrap till 1.0.30, when my bug #560038 was fixed (thanks Joey :) ). And of course anything that used debootstrap (e.g. pbuilder, piuparts do so) was automatically insecure, too (till then).

Cheers, Chris.