[Whonix-devel] qubes-linux-template-builder Debian apt-get --force-yes --yes security issue?
adrelanos at riseup.net
Tue Apr 28 00:26:44 CEST 2015
APT_GET_OPTIONS="-o Dpkg::Options::="--force-confnew" --force-yes --yes"
Could be a security issue. The combination of --force-yes and --yes is
insecure. Could lead to installation of unsigned packages.
Concluded that by reading the source and by remembering a bug report
against a similar Debian image build script where I did some testing.
I didn't actually test here but I find this quite possible. Highly
recommend to drop the --force-yes.
More information about the Whonix-devel