[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#610753: marked as done (debootstrap: use apt trusted keys with --keyring by default)

Your message dated Fri, 15 May 2015 05:17:30 +0200
with message-id <20150515031730.GB15828@mraw.org>
and subject line Re: Bug#432309: should check Release signature by default?
has caused the Debian Bug report #432309,
regarding debootstrap: use apt trusted keys with --keyring by default
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
432309: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432309
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: debootstrap
Severity: wishlist

When building a debian vm, using live-magic etc. it is common to use debootstrap.
When the --keyring argument is omitted, as per the man page, "Release file signatures are not checked."
IMHO this behaviour differs from the 'normal' use of secure apt (by default) [0]. 
The --keyring option exists it should be 'on by default'. I suggest the use of /etc/apt/trustdb.gpg 
for the keyring argument (If none is specified).  


[0] - http://wiki.debian.org/SecureApt
-- System Information:
Debian Release: 6.0
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.37 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

--- End Message ---
--- Begin Message --- 
Christoph Anton Mitterer <calestyo@scientia.net> (2013-06-30):
> Hey Joey
> 
> On Sat, 2013-06-29 at 14:57 -0400, Joey Hess wrote:
> > I'm not talking about building debootstrap to bootstrap some other linux
> > distribution. I'm talking about the common practice of using it to
> > bootstrap debian from other linux distributions.
> Sure... I did the same...
> 
> If you use debootstrap from another distro... you must build it there,
> right?
> 
> And during such build ./configure could e.g. check for
> /etc/debian_version or perhaps /etc/os-release
> If it finds something it knows (e.g. Debian or Ubuntu)... it could hard
> code the expectancy of a keyring ... or not.
> 
> 
> 
> Anyway... as said I think for most security, it would be best if per
> default it always expects a keyring, unless --no-check-gpg is given.
> Regardless of where it is build or what you try to bootstrap.
> 
> Systems that depend on not checking for signatures will be quickly
> identified and can be simply made working again by adding
> --no-check-gpg... and that's actually a good way for people to see that
> they might have a security problem. At least it's better instead letting
> people accidentally shoot themselves into their feet.
> 
> In that case it should however try to use default keyrings (if
> available) e.g. debian-archive-keyring for any Debian based suite.
> or emdebian-archive-keyring for emdebian, etc.
> The problem here is just, that the suite name might be ambiguous... :(

No, we won't make requiring keyring checks the default; but you can now
request it, see #733179 (where you'll also find the reasons against a
change in the default behaviour).

Closing this bug report accordingly.

Mraw,
KiBi.

Attachment: signature.asc
Description: Digital signature


--- End Message ---
Reply to: