[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#610753: debootstrap: use apt trusted keys with --keyring by default

david b wrote:
> Package: debootstrap
> Severity: wishlist
> When building a debian vm, using live-magic etc. it is common to use debootstrap.
> When the --keyring argument is omitted, as per the man page, "Release file signatures are not checked."
> IMHO this behaviour differs from the 'normal' use of secure apt (by default) [0]. 
> The --keyring option exists it should be 'on by default'. I suggest the use of /etc/apt/trustdb.gpg 
> for the keyring argument (If none is specified).  

The problem with this idea is that debootstrap can be used:

- to bootstrap on another distribution, which won't have that keyring
- to bootstrap one Debian or derivative on another, so that keyring
  will be present but not have the right keys in it
- to bootstrap unstable on stable, so the keyring may have only old
  keys in it, not the current key used to sign unstable
  (I haven't checked if/when that occurs.)
- to bootstrap during installation, from a CD, in which case there
  is no available keyring at that point, and the media is trusted

Especially the first 3 cases seem hard to reconcile with checking
signatures by default.

see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to: