package dpkg-dev
severity 440841 wishlist
retitle 440841 dpkg accepts .dscs signed by anyone in the user's personal 
keyring, not only the person in the Maintainer: field
tags 440841 - security
thanks

On Thu, Oct 25, 2007 at 08:38:08PM +0200, Raphael Hertzog wrote:

> > That's not the feature you describe, and unless I misunderstand
> > something, I don't think the current behavior is good for anything.
> 
> If you don't pollute your personal keyring, it can be useful. Otherwise
> yes the current behaviour is not of much use.
> 
> Not being useful doesn't make it a security threat, though.

Very well, that's what I wanted to hear, that you understand the
problem (and not only the first mistaken one I reported originally).

I'll downgrade this to wishlist, it's probably good to leave it open
though for the record so that someone else wondering about the same
thing can see it's been thought about(?).

Thanks!

        Sami
