[Bug 939322] Re: apt-get source ignores missing key
Kasper Dupont
939322 at bugs.launchpad.net
Thu Feb 23 08:31:29 UTC 2012
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/939322
Title:
apt-get source ignores missing key
Status in “apt” package in Ubuntu:
New
Bug description:
Running "apt-get source wireshark" produced the message "Can't check
signature: public key not found", but after this message it proceeded
with unpacking the source, which it had not verified the integrity of.
Continuing by default when a signature cannot be verified is a
security risk. (If the package had had just a few more patches, the
message would have scrolled out of the window before I would have seen
it).
Extracting an unverified package should require explicit user
confirmation. Either by requesting the user answer y or n while the
command is running, or by aborting with an error telling the user a
flag that can be used to proceed regardless of unverified signatures.
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: apt 0.7.25.3ubuntu9.10
ProcVersionSignature: Ubuntu 2.6.32-37.81-generic 2.6.32.49+drm33.21
Uname: Linux 2.6.32-37-generic i686
Architecture: i386
Date: Thu Feb 23 09:24:04 2012
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 10.04.3 LTS "Lucid Lynx" - Release i386 (20110720.1)
ProcEnviron:
PATH=(custom, user)
LANG=en_DK.utf8
SHELL=/bin/bash
SourcePackage: apt
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/939322/+subscriptions
More information about the foundations-bugs
mailing list