Hi Ansgar,
Ansgar Burchardt wrote:
> apt-build unconditionally passes -o Apt::Get::AllowUnauthenticated=true
> to apt-get, that is it disables *all* signature checks allowing MitM
> attacks to serve malicious data.
Thanks for the heads up. I'll have a look into it and will publish my
proposed QA upload for review as git repo somewhere on Alioth, maybe
collab-maint.
Dominique: Please respond if you (as last uploader) are also working
on a fix for this so that we can avoid duplicated work.
Regards, Axel
--
,''`. | Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/
: :' : | Debian Developer, ftp.ch.debian.org Admin
`. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
`- | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
