Bug#432309: debootstrap should use signed Release files

To: 432309@bugs.debian.org
Subject: Bug#432309: debootstrap should use signed Release files
From: Christoph Anton Mitterer <christoph.mitterer.ext@siemens.com>
Date: Mon, 09 Jul 2007 13:38:21 +0200
Message-id: <[🔎] 1183981101.3428.7.camel@pfaffwerkst01.asw.mchp.siemens.de>
Reply-to: Christoph Anton Mitterer <christoph.mitterer.ext@siemens.com>, 432309@bugs.debian.org
In-reply-to: <200707091327.02335.elendil@planet.nl>
References: <[🔎] 1183977414.3428.0.camel@pfaffwerkst01.asw.mchp.siemens.de> <200707091327.02335.elendil@planet.nl>

Hi Frans.

That happens when I make long lists with headwords about possible bugs/enhancements that i finally submit all at one rainy day like today *G*
After having a closer look at debootstrap again I remember what I really wanted to suggest *G*:

- I think it would be an improvement if debootstrap would per default use the standard debian-archive-keyring for validating the Release files. It still could allow to select another or disable checking at all (via a new option), thus:
- debootstrap should depend on or at least recommend debian-archive-keyring

Best wishes,
Chris.

btw: What's the reason to keep both debootstrap and cdebootstrap in debian? They seem to be very similar.

Reply to:

Follow-Ups:
- Bug#432309: should check Release signature by default?
  - From: Frans Pop <elendil@planet.nl>

References:
- Bug#432309: debootstrap should use signed Release files
  - From: Christoph Anton Mitterer <christoph.mitterer.ext@siemens.com>

Prev by Date: Bug#432309: marked as done (debootstrap should use signed Release files)
Next by Date: Re: Notes from the "D-I future" BOF meeting at Debconf
Previous by thread: Bug#432309: marked as done (debootstrap should use signed Release files)
Next by thread: Bug#432309: should check Release signature by default?
Index(es):
- Date
- Thread