[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [PATCH 7/7] Work around my laziness wrt. signing the Release file for my repository.

On Mon, Aug 16, 2010 at 01:20:26PM +0200, Jeremie Koenig wrote:
> diff --git a/util/get-packages b/util/get-packages
> index a80fe16..3013743 100755
> --- a/util/get-packages
> +++ b/util/get-packages
> @@ -77,7 +77,7 @@ fi
>  # All these options make apt read the right sources list, and use APTDIR for
>  # everything so it need not run as root.
> -APT_GET="apt-get --assume-yes \
> +APT_GET="apt-get --assume-yes --force-yes \
>  	-o Dir::Etc::sourcelist=`pwd`/$LIST \
>  	-o Dir::Etc::sourceparts=/dev/null \
>  	-o Dir::Etc::Preferences=`pwd`/preferences.$TYPE.local \

I object to the aforementioned laziness being propagated to the official d-i
builds.  You are overriding a key element of the trust path used to
guarantee the integrity of the components being downloaded for assembly of
official Debian releases.  This must not be done.

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org

Attachment: signature.asc
Description: Digital signature

Reply to: