david b wrote: > Package: debootstrap > Severity: wishlist > > When building a debian vm, using live-magic etc. it is common to use debootstrap. > When the --keyring argument is omitted, as per the man page, "Release file signatures are not checked." > IMHO this behaviour differs from the 'normal' use of secure apt (by default) [0]. > The --keyring option exists it should be 'on by default'. I suggest the use of /etc/apt/trustdb.gpg > for the keyring argument (If none is specified). The problem with this idea is that debootstrap can be used: - to bootstrap on another distribution, which won't have that keyring - to bootstrap one Debian or derivative on another, so that keyring will be present but not have the right keys in it - to bootstrap unstable on stable, so the keyring may have only old keys in it, not the current key used to sign unstable (I haven't checked if/when that occurs.) - to bootstrap during installation, from a CD, in which case there is no available keyring at that point, and the media is trusted Especially the first 3 cases seem hard to reconcile with checking signatures by default. -- see shy jo
Attachment:
signature.asc
Description: Digital signature