Hi, and sorry for the lag, been busy with some offline things.
Romain Bignon <rom...@symlink.me> (2015-01-08): > On 08/Jan - 11:11, Cyril Brulebois wrote: > > I would expect the Debian packages to contain some kind of trust chain > > to bootstrap the keyring handling, and weboob to abort instead of > > “blindly accepting” in other cases. > > You're right we should have the official keyring distributed in the > Debian package, but in case the user adds a new repository, we > shouldn't reject it but ask him to accept (like ssh)? yes, that looks like a sane thing to do (possibly pointing to some instructions on how to check the trust chain). > I'm going to send a patch on the package this week. Great, thanks. Mraw, KiBi.
signature.asc
Description: Digital signature
