Christian PERRIER wrote:
> This is the last call for comments for the review of debconf
> templates for publicfile-installer.
Hang on, Christian - this one's stalled. If it gets the critical
bugfix that's needed then that'll mean behavioural changes that will
need different debconf prompting.
(And then there's the more nebulous security issue that I never got
around to raising. I see why publicfile-installer needs to download
sourcecode from DJB's website, but why does it need to download
"packaging information from the package maintainer's website"?
Shouldn't that material simply be included in publicfile-installer, so
that I can be confident I've downloaded the installscripts from a
secure APT repository rather than some man in the middle?)
--
JBR with qualifications in linguistics, experience as a Debian
sysadmin, and probably no clue about this particular package
