[xen-tools-discuss] Security concerns with calling "apt-get --force-yes"

Kevin FAUCHON kevin.fauchon at gmail.com
Wed Jan 28 15:28:39 CET 2015 

Please, how to unsubscribe?
Already unsubscribded many times, already contacted an admin to be
unsubscribded and still receiving mails...

On Wed, Jan 28, 2015 at 3:10 PM, Axel Beckert <abe at deuxchevaux.org> wrote:

> Hi,
>
> thanks for the links.
>
> On Wed, Jan 28, 2015 at 02:40:30PM +0100, Sebastian Pipping wrote:
> > > It's currently not clear to me if it would indeed do this.
> >
> > Please see
> > https://www.whonix.org/wiki/Dev/apt-get#Just_using_--force-yes
>
> Well, KEYEXPIRED would be ok for xen-tools from my PoV, especially
> with debootstrapping ancient releases signed with keys from back then
> this happens often.
>
> It though may happen less often since the time where
> archive.debian.org got reorganized and IIRC got signed with more
> recent keys. But I don't remember all the details about this. Will
> test.
>
> IIRC there is an apt option to explicitly ignore key expiry. But then
> again, I'm not sure if that feature is available in older apt releases
> as used when debootstrapping older releases.
>
> > >> My current suggestion would be to remove the --force-yes parameter.
> > >
> > > If this indeed causes unauthenticated packages to be installed, this
> > > is probably the correct fix. Otherwise I'm rather reluctant to remove
> > > that option.
> > >
> > > I'll check. Thanks for the report!
> >
> > Please do, please keep me up to date.
>
> Will do via this ML.
>
> > Btw, for the same topic in grml-debootstrap see
> > https://github.com/grml/grml-debootstrap/issues/62
>
> Over there it's as vague as in the man page of apt-get. Same issues
> with the issue. ;-)
>
>                 Kind regards, Axel
> --
> /~\  Plain Text Ribbon Campaign                   | Axel Beckert
> \ /  Say No to HTML in E-Mail and News            | abe at deuxchevaux.org
> (Mail)
>  X   See http://www.nonhtmlmail.org/campaign.html | abe at noone.org
> (Mail+Jabber)
> / \  I love long mails: http://email.is-not-s.ms/ | http://abe.noone.org/
> (Web)
> _______________________________________________
> xen-tools-discuss mailing list
> xen-tools-discuss at xen-tools.org
> https://xen-tools.org/mailman/listinfo/xen-tools-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://xen-tools.org/pipermail/xen-tools-discuss/attachments/20150128/92227af5/attachment.html>

More information about the xen-tools-discuss mailing list