Bug#579028: pbuilder: installs untrusted packages without asking
Mehdi Dogguy
mehdi at dogguy.org
Thu Jun 24 17:08:28 UTC 2010
On 0, Junichi Uekawa <dancer at netfort.gr.jp> wrote:
>
> Yes, it's intentionally this way, to not break compatibility with
> older versions, and support local repositories, and keep pbuilder
> non-interactive.
>
Being able to use pbuilder with local repositories is a good reason to
provide an option to deactivate the check, but not to provide it as a
default, IMO.
To me, turning the trust check on by default and providing an option to
deactivate[1] it seems a saner approach than turning off the check by
default and not providing any option to activate it.
Concerning local repositories, one may also sign his packages and
install the keyring in the chroot.
[1] and maybe adding a disclaimer to warn the user (like aptitude does
for example).
Regards,
--
Mehdi Dogguy