On Mon, 2014-06-16 at 09:35 +0200, Michael Vogt wrote:
> I think for the future we actually should not allow an apt-get update
> of untrusted repos without --allow-unauthenticated or
> [trusted=no]. But this will probably break some setups so we need to
> be careful and not rush it.

And what about the setups, which assume secure data to be retrieved (as far as I can see the whole build stack of Debian), which is already broken now?

Security is much more critical here than things continuing to work... if someone's setup really depends on not verifying integrity... he will immediately notice (and can add the flag),... but no one notices if his security is compromised by MitMs... :-(

So I see not much of a reason to not implement that right away.

Cheers,
Chris.