By the way,.. a similar problem is also present in many other packages. Let me just name a few concrete examples so that you get a feeling for what I mean.

1) debootstrap/cdebootstrap
IIRC, only cdebootstrap requires a keyring per default (or did it always use debian-archive-keyring?). Anyway,... while debootstrap supports verifying signatures and specifying a keyring,.. it doesn't do so per default. Neither does it fail if just nothing is specified (it should only work with verification, if some special parameter e.g. --dont-verify-sigs is given).
I've filed a bug for this some time ago,... (and unfortunately a 2nd one recently) but it does not seem that upstream is willing to change this behaviour.

2) pbuilder and piuparts (and probably the Debian buildds, too)
These create chroots to build the packages, and I think they're using one of the above for this. Per default they're not configured to use them (well, at least debootstrap) with signatures.
=> Building packages may lead to installation and execution of malicious packages.
I've filed bugs for at least pbuilder and piuparts.

3) aptitude
Well, I'm not sure here as I haven't had the time to read the code. For some actions (install/upgrade/dist-upgrade) it uses secure-apt as it simply uses apt-get (IIRC). But what about actions not provided by apt-get, like aptitude download <package>? So far I was not able to find out whether this uses secure apt or not.

4) apt-file (which I like very much)
The Contents files are not yet signed AFAIK,.. and thus it cannot do any verification.

Cheers,
Chris.
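
The fail-closed behaviour asked for in point 1, sketched as a wrapper script. This is an added example, not part of the original message and not debootstrap's own code. The names safe_debootstrap and $DEBOOTSTRAP are hypothetical; --keyring, --force-check-gpg and --no-check-gpg are debootstrap options.

```shell
#!/bin/sh
# Added example: fail-closed front end for debootstrap.
# safe_debootstrap and $DEBOOTSTRAP are hypothetical names used only here.
#
# Usage: safe_debootstrap KEYRING SUITE TARGET [MIRROR]
# e.g.   safe_debootstrap /usr/share/keyrings/debian-archive-keyring.gpg \
#            stable /srv/chroot/stable http://deb.debian.org/debian
safe_debootstrap() {
    if [ "$#" -lt 3 ]; then
        echo "usage: safe_debootstrap KEYRING SUITE TARGET [MIRROR]" >&2
        return 2
    fi
    sd_keyring=$1
    shift

    # No usable keyring means no verification: stop instead of continuing.
    if [ ! -f "$sd_keyring" ] || [ ! -r "$sd_keyring" ] || [ ! -s "$sd_keyring" ]; then
        echo "safe_debootstrap: keyring '$sd_keyring' missing, unreadable or empty" >&2
        return 1
    fi

    # Reject arguments that would switch verification off or swap the keyring.
    for sd_arg in "$@"; do
        case $sd_arg in
            --no-check-gpg|--keyring|--keyring=*)
                echo "safe_debootstrap: '$sd_arg' is not allowed here" >&2
                return 1
                ;;
        esac
    done

    # --force-check-gpg forces the Release file signature check.
    "${DEBOOTSTRAP:-debootstrap}" --force-check-gpg --keyring="$sd_keyring" "$@"
}
```

Tools that build chroots (point 2) could call such a wrapper in place of debootstrap, so that a missing keyring stops the build instead of producing an unverified chroot.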