Le mercredi, 27 mars 2013 12.59:15, Benjamin Cama a écrit : > attached version fix both problems (and is based on latest master, after > Julien disabled InRelease support). Please not that it will still print > what's _before_ the BEGIN header, if present (there shouldn't be > anything, but if you really want to be picky…)
Well, yes, we want to be picky: the whole point of checking the signature is to avoid letting unsigned content be considered valid by debootstrap / apt / etc. See CVE-2013-1051. That said, I think I would prefer a gpgv patch to only output verified content than such sed hackery (although nice). Cheers, OdyX -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
