Package: apt
Version: 2.9.31
Severity: wishlist

Hey.

I generally think it's a bad idea if programs trust the full set of
system-wide configured CA certs by default.

These are ~150 root CAs, many of them effectively under the control
of totalitarian or at least quite questionable countries... some of
them having already been observed several times forging certs
(of course only "by accident").
There are probably several thousand intermediate CAs which can also
more or less sign everything.


For APT this is of course not really a security problem, because
we have secure APT for that.


But because of the above, I still tend to harden my systems by
simply deconfiguring all CA certs, so that /etc/ssl/certs is effectively
empty.
That way I notice quite quickly if something wants to blindly trust all
CAs.

Doing that, however, of course causes trouble with APT.
Now I know that I can set Acquire::https::CAInfo and friends, but it
seems that only works globally?!


It would however make sense to set these on a per-repo basis.

It's not urgent, of course, but maybe it could get implemented some day.


Thanks,
Chris.
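As an added illustration (not part of the bug report, and not apt's own documentation), the configuration below shows what a per-repository CA setting could look like next to the global one. It relies on the host-specific option scope that apt-transport-https(1) documents for https acquire options; that scoping, the hostname deb.example.org and the CA file paths are assumptions for this example and should be checked against the manpage of the installed apt version before relying on them.

```conf
// Global default: the CA bundle used for every https source.
// With /etc/ssl/certs emptied as described above, this has to point at
// a file you maintain yourself (assumed path for this example).
Acquire::https::CAInfo "/etc/apt/ca/default-bundle.pem";

// Host-specific scope: only the CA that actually issued the cert of this
// one mirror is trusted for it, independent of the global bundle.
// deb.example.org and the path are placeholders for this example.
Acquire::https::deb.example.org::CAInfo "/etc/apt/ca/deb-example-org-ca.pem";

// Keep peer and hostname verification on; do not relax these per host
// as a workaround for an empty system trust store.
Acquire::https::Verify-Peer "true";
Acquire::https::Verify-Host "true";
```

A practical check after adding such a fragment is to run `apt-get update -o Debug::Acquire::https=true` (debug option as documented in apt.conf(5)) and confirm that the connection to the pinned host is established with the expected CA file and that every other https source still fails until it gets its own CAInfo, which is exactly the "notice quickly" behaviour the report aims for.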
