[Whonix-devel] [qubes-devel] Re: qubes-linux-template-builder Debian apt-get --force-yes --yes security issue?
patrick-mailinglists at whonix.org
Sat May 2 16:13:20 CEST 2015
> On Monday, 27 April 2015 18:34:12 UTC-4, Jason M wrote:
>> On 27 April 2015 at 18:26, Patrick Schleizer wrote:
>>> APT_GET_OPTIONS="-o Dpkg::Options::="--force-confnew" --force-yes --yes"
>>> Could be a security issue. The combination of --force-yes and --yes is
>>> insecure. Could lead to installation of unsigned packages.
>>> Concluded that by reading the source and by remembering a bug report
>>> against a similar Debian image build script where I did some testing.
>>> - https://github.com/grml/grml-debootstrap/issues/62
>>> I didn't actually test here but I find this quite possible. Highly
>>> recommend to drop the --force-yes.
>> Good catch. I will investigate it further. The purpose is the
>> `--force-yes` is to all the over riding package configuration when
>> initially building the template. Will see what happens without the force
> I removed the --force-yes option and everything seems to build fine still.
> I will submit a PR most likely tonight after some more testing has been
Any news on this?
More information about the Whonix-devel