On Mon, Jun 08, 2015 at 12:09:37PM +0200, Alexander Thomas wrote:
> On Mon, Jun 8, 2015 at 11:49 AM, Ansgar Burchardt <ansgar@debian.org> wrote:
> > On 06/08/2015 10:29 AM, Alexander Thomas wrote:
> >> We
> >> falsely assumed that setting DEBIAN_FRONTEND=noninteractive
> >> APT_LISTCHANGES_FRONTEND=none, and using the -y and --force-yes
> >> options, would never invoke terminal-related code.
> >
> > Please be aware that --force-yes makes apt ignore invalid signatures for
> > repositories, cf. https://bugs.debian.org/787174. It is a really unsafe
> > option that should probably not be used in any automated way, though I
> > have seen people do so in several places.
>
> I know, but this is a closed system and nothing is pulled in from
> external repositories during this automated update. The stuff that is
> included in the local patch repository is thoroughly tested before
> release. Still, enforcing proper signing and getting rid of that
> --force-yes is on our TODO list.

Use --allow-unauthenticated in this case. Or better yet, mark the local
source as [trusted=yes] in sources.list to avoid this prompt without
opening the floodgates entirely.

--force-yes e.g. also disables the 'Do as I say' prompt before destroying
your system^W^W^Wremoving (pseudo) essential packages.

It is on my TODO list to drop the --force-yes flag and replace it with
specialised --allow-* flags 'just' to force users to acknowledge what it
is they are saying yes to. Somehow most people are way more willing to
add --allow-everything than --allow-prostate-exam …

Best regards

David Kalnischkies
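An added example, not part of the message above and not code from apt: a small audit that reads one-line-style sources.list entries and an apt-get command line, reports --force-yes, and lists which sources carry [trusted=yes]. The sample entries, the example.invalid host, the /srv/patch-repo path and the rule that trusted=yes is only expected on file: or copy: sources are assumptions made for this illustration.

```python
import re
import shlex

# One-line sources.list entry: type [options] uri suite [components...]
ENTRY = re.compile(
    r"^(?:deb|deb-src)\s+(?:\[(?P<opts>[^\]]*)\]\s+)?(?P<uri>\S+)\s+(?P<suite>\S+)"
)

# Constructed sample input, not taken from any real system.
SAMPLE_SOURCES = """\
# local patch repository, exempted from signature checks on purpose
deb [trusted=yes] file:/srv/patch-repo ./
deb [ arch=amd64 trusted=yes ] http://mirror.example.invalid/debian stable main
deb http://mirror.example.invalid/debian stable-updates main
"""
SAMPLE_COMMAND = "apt-get -y --force-yes dist-upgrade"


def trusted_sources(sources_text):
    """Return the URIs of all entries that set trusted=yes."""
    found = []
    for raw in sources_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        m = ENTRY.match(line)
        if not m:
            continue
        pairs = (o.split("=", 1) for o in (m.group("opts") or "").split() if "=" in o)
        if dict(pairs).get("trusted") == "yes":
            found.append(m.group("uri"))
    return found


def audit(sources_text, command):
    """Return findings for an unattended-upgrade setup."""
    findings = []
    if "--force-yes" in shlex.split(command):
        findings.append("--force-yes: invalid signatures are ignored and the "
                        "'Do as I say' prompt is disabled")
    for uri in trusted_sources(sources_text):
        # Assumed policy for this example: only local sources may be trusted=yes.
        if not uri.startswith(("file:", "copy:")):
            findings.append(f"trusted=yes on non-local source {uri}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SOURCES, SAMPLE_COMMAND):
        print(finding)
```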