Bug#432309: should check Release signature by default?

To: Christoph Anton Mitterer <calestyo@scientia.net>, 432309@bugs.debian.org
Cc: 515938@bugs.debian.org, 610753@bugs.debian.org
Subject: Bug#432309: should check Release signature by default?
From: Joey Hess <joeyh@debian.org>
Date: Sat, 29 Jun 2013 13:43:04 -0400
Message-id: <[🔎] 20130629174304.GA18809@gnu.kitenet.net>
Reply-to: Joey Hess <joeyh@debian.org>, 432309@bugs.debian.org
In-reply-to: <[🔎] 1372525853.26644.7.camel@heisenberg.scientia.net>
References: <[🔎] 1372525853.26644.7.camel@heisenberg.scientia.net>

Christoph Anton Mitterer wrote:
> So I suggest that it should be changed the follwing way,...
> that if no --keyring is given,   neither debian-archive-keyring is
> installed (and usable)... debootstrap should fail (unless --no-check-gpg
> is given).
> 
> I don't think this will break a lot, as most systems will probably have
> debian-archive-keyring installed.

debootstrap is used on a wide variety of non-debian systems, which do
not have it installed, and probably have no trust path to securely
install the debian keyring.

Given that apt already depends on debian-archive-keyring, it's unlikely
that a debian system does not have it installed.

-- 
see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Bug#432309: should check Release signature by default?
  - From: Christoph Anton Mitterer <calestyo@scientia.net>

References:
- Bug#432309: should check Release signature by default?
  - From: Christoph Anton Mitterer <calestyo@scientia.net>

Prev by Date: Processed: Re: should check Release signature by default?
Next by Date: Bug#714470: installation-report: UEFI boot fails after install
Previous by thread: Processed: Re: should check Release signature by default?
Next by thread: Bug#432309: should check Release signature by default?
Index(es):
- Date
- Thread