Re: leaks in our only-signed-software fortress
On Sat, Feb 18, 2012 at 04:31:19PM +0100, Ansgar Burchardt wrote:
> Jakub Wilk <email@example.com> writes:
> > * Ansgar Burchardt <firstname.lastname@example.org>, 2012-02-18, 14:14:
> >>>Could you point us to those which were ignored or denied?
> >>At least pbuilder still disables secure APT by default, see #579028.
> > The bug is closed. Am I missing something?
> pbuilder was changed to pass the --keyring argument to debootstrap by
> default and there now is an option to enable secure apt, but it is still
> disabled by default.
This should be safe to enable now. We had problems enabling it in
sbuild (in 2005) when tools first started supporting it for backward-
compatibility reasons, but it's been the default for some time now
(since July 2008) since everything we would want to build on
.''`. Roger Leigh
: :' : Debian GNU/Linux http://people.debian.org/~rleigh/
`. `' schroot and sbuild http://alioth.debian.org/projects/buildd-tools
`- GPG Public Key F33D 281D 470A B443 6756 147C 07B3 C8BC 4083 E800