Re: Bug#592115: apt seems to somehow use ~/.gnupg dir when checking package integrity which might be used for security attacks

To: Julian Andres Klode <jak@debian.org>
Cc: 592115@bugs.debian.org, dpkg@packages.debian.org
Subject: Re: Bug#592115: apt seems to somehow use ~/.gnupg dir when checking package integrity which might be used for security attacks
From: Christoph Anton Mitterer <calestyo@scientia.net>
Date: Sat, 07 Aug 2010 22:08:10 +0200
Message-id: <1281211690.7661.121.camel@fermat.scientia.net>
In-reply-to: <1281209268.23476.49.camel@jak-thinkpad>
References: <20100807161730.6543.7086.reportbug@heisenberg.scientia.net> <1281209268.23476.49.camel@jak-thinkpad>

On Sat, 2010-08-07 at 21:27 +0200, Julian Andres Klode wrote:
> As everyone should know, dpkg unpacks the source packages and verifies
> them using gpg. APT knows that the package is secure, because the source
> is secure.
Ah I've missed that this is from the debsig, and not from checking the
integrity via the Release file etc.

Is apt-get even checking the integrity via the later, when using apt-get
source?

Nevertheless,... I still don't understand, why I get that error....
especially, as I e.g. don't get it for the package gnupg (in contrast to
base-files).... and I don't get it at all in sid.

Cheers,
Chris.

Reply to:

References:
- Re: Bug#592115: apt seems to somehow use ~/.gnupg dir when checking package integrity which might be used for security attacks
  - From: Julian Andres Klode <jak@debian.org>

Prev by Date: Fwd: debdiff for v3 source packages with multiple tarballs?
Next by Date: Re: Fwd: debdiff for v3 source packages with multiple tarballs?
Previous by thread: Re: Bug#592115: apt seems to somehow use ~/.gnupg dir when checking package integrity which might be used for security attacks
Next by thread: Fwd: debdiff for v3 source packages with multiple tarballs?
Index(es):
- Date
- Thread