Marko Cupać <marko.cu...@mimar.rs> wrote:

> I just found out that 10.2-RELEASE-p2 lost the ability to bootstrap pkg
> with signature_type="pubkey".
> 
> Quick search returns:
> https://github.com/freebsd/pkg/issues/1309
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202622
> 
> I guess it is not hard to switch the repo to fingerprints, however I would
> not expect to lose this functionality by updating to a patchlevel.

The "functionality" pkg(7) "lost" is silently ignoring unsupported
signature types, which is dangerous if the network can't be trusted:
https://www.freebsd.org/security/advisories/FreeBSD-EN-15:15.pkg.asc
https://www.fabiankeil.de/gehacktes/hardenedbsd/

If you absolutely want to, you can still bootstrap insecurely by
temporarily setting the signature type to none.

Fabian
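
The fail-closed behaviour described in the reply above, as an added example that is not part of the original messages and is not pkg(7) code: a small audit that refuses any repository whose signature_type the bootstrap step would not verify. The function names, the `BOOTSTRAP_VERIFIED` variable, the sample repositories and the assumption that only `fingerprints` is verified at bootstrap (taken from this thread) are all hypothetical.

```sh
# Added example, not pkg(7) code: fail-closed audit of signature_type settings.
# Types the bootstrap is assumed to verify (assumption drawn from the thread).
BOOTSTRAP_VERIFIED="${BOOTSTRAP_VERIFIED:-fingerprints}"

# classify_sigtype VALUE -> prints verified | insecure | unsupported
classify_sigtype() {
    v=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    if [ -z "$v" ] || [ "$v" = none ]; then echo insecure; return 0; fi
    for ok in $BOOTSTRAP_VERIFIED; do
        if [ "$v" = "$ok" ]; then echo verified; return 0; fi
    done
    echo unsupported   # refused, never skipped silently
}

# extract_sigtypes FILE -> one value per line; '#' comments are dropped first
extract_sigtypes() {
    sed -n -e 's/#.*$//' \
        -e 's/^[[:space:]]*signature_type[[:space:]]*[:=][[:space:]]*"\{0,1\}\([A-Za-z0-9_]*\)"\{0,1\}.*$/\1/p' "$1"
}

# audit_repo_conf FILE -> verdict per setting; returns 0 only when at least
# one setting exists and every one of them is verified.
audit_repo_conf() {
    rc=0; seen=0
    for value in $(extract_sigtypes "$1"); do
        seen=1
        verdict=$(classify_sigtype "$value")
        echo "$1: signature_type=$value -> $verdict"
        [ "$verdict" = verified ] || rc=1
    done
    [ "$seen" -eq 1 ] || { echo "$1: no signature_type set -> insecure"; rc=1; }
    return "$rc"
}

# Constructed sample configuration (hypothetical repos and host names).
sample=$(mktemp)
cat > "$sample" <<'EOF'
main: {
  url: "http://pkg.example.org/main",
  signature_type: "fingerprints"
}
local: {
  url: "http://pkg.example.org/local",
  signature_type="pubkey"   # the setting from the original report
}
EOF
audit_repo_conf "$sample" || echo "refusing to bootstrap: unverifiable repository in $sample"
rm -f "$sample"
```

A file with no signature_type line is reported as insecure here, which is a policy choice of this example.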
