Bug#545905: pbuilder uses debootstrap in a potentially insecure way
Christoph Anton Mitterer
christoph.anton.mitterer at physik.uni-muenchen.de
Wed Sep 9 21:14:30 UTC 2009
Package: pbuilder
Version: 0.189
Severity: important
Tags: security
Hi.
debootstrap (unlike cdebootstrap IIRC) does not check signatures on
any packages per default, but only when the "--keyring" option is used.
This
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
More information about the Pbuilder-maint
mailing list