Package: apt Version: 0.6.38 Severity: normal /etc/apt/trusted.gpg is mode 600. This breaks anything that uses apt to download (etc) packages and runs as a regular user, since it cannot verify signatures. One example is the debian-installer build. We have worked around the problem there by the hack of pointing apt at /usr/share/apt/debian-archive.gpg, which I suspect is a temporary filename and which will cause unnecessary work for derivers. I don't see any reason to have the file not be world readable in stock installs, do you? -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.4.27 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages apt depends on: ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii libgcc1 1:4.0.0-11 GCC support library ii libstdc++5 1:3.3.6-7 The GNU Standard C++ Library v3 apt recommends no packages. -- no debconf information -- see shy jo
Attachment:
signature.asc
Description: Digital signature