[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC auth patch

On Thursday 15 February 2007 20:05, Joey Hess wrote:
> I think this is worth putting in because it's useful both when a key
> expires and you still need to use old installation media, and when
> installing from an unofficial, unsigned mirror, like the one the armel
> port is using.

I have no objection in principle. A few comments.

> Index: manual/en/appendix/preseed.xml
> ===================================================================
> +#d-i debian-installer/allowunauthenticated string true

Shouldn't this parameter be documented as a boot parameter too? Would it 
be worth creating an alias for it (as it is very long in its raw form)?

Also, I'd suggest debian-installer/allow_unauthenticated for readability.

> Index: packages/base-installer/debian/postinst
> +	cat > /target/etc/apt/apt.conf.d/00AllowUnauthenticated << EOT
> +# Force apt to ignore auth issues.
> +# Warning: This configuration is insecure and not recommended!
> +APT::Get::AllowUnauthenticated "true";
> +EOT

Should this be really be kept by default for the target system? If so, 
that should be documented very clearly.
I even think there should be a dialog to warn about that, which makes the 
change a post-etch one because we don't want to introduce new strings at 
this point.

Attachment: pgpk3ioqo1Yl4.pgp
Description: PGP signature

Reply to: