severity 579028 wishlist 
thanks

At Thu, 24 Jun 2010 18:13:55 +0200,
Mehdi Dogguy wrote:
> 
> reopen 579028 =
> thanks
> 
> On  0, Junichi Uekawa <dan...@netfort.gr.jp> wrote:
> > At Sun, 25 Apr 2010 00:01:36 +0900,
> > Ansgar Burchardt wrote:
> > > 
> > > pbuilder will by default install packages from untrusted sources.  This
> > > means the system can be compromised by a man in the middle providing
> > > malicious packages.  There also seems to be no way to get pbuilder to stop
> > > doing so.
> > > 
> > > pbuilder should (in the default configuration) not install packages that
> > > are not trusted, only when the user explicitly requests this.
> > 
> > I don't agree to this point since this will break all existing 
> > configurations.
> 
> Can you please explain how this will break "all existing configurations"?
> Does it mean that all people are using untrusted repositories when using
> pbuilder?
> 
> At least, could you provide a flag to control this behaviour from pbuilder's
> command-line and turn it off by default? Breaking untrusted/broken
> configurations cannot be a counterargument, IMHO.
> 
> Please don't close this bug report before correctly fixing this issue or
> discussing its seriousness. Also, the initial report asked for two changes.
> Only one of them is fixed in 0.198.
> 
> Regards,
> 
> -- 
> Mehdi Dogguy
> 


