Package: apt
Version: 2.9.31
Severity: wishlist

Hey.

I generally think it's a bad idea if programs trust the full set of system-wide configured CA certs by default. These are ~150 root CAs, many of them effectively under the control of totalitarian or at least quite questionable countries... some of them having already been observed several times forging certs (of course only "by accident"). There are probably some thousands of intermediate CAs which can also more or less sign everything.

For APT this is of course not really a security problem, because we have secure APT for that.

But because of the above, I still tend to harden my systems by simply deconfiguring all CA certs, so that /etc/ssl/certs is effectively empty. By that I notice quite quickly if something wants to blindly trust all CAs.

Doing that, however, of course causes trouble with APT. Now I know that I can set Acquire::https::CAInfo and friends, but it seems only globally?! It would, however, make sense to set these on a per-repo basis.

It's not urgent, of course, but maybe it could get implemented some day.

Thanks,
Chris.