10.2-RELEASE-p2 lost ability to bootstrap pkg with signature_type="pubkey"

Fabian Keil freebsd-listen at fabiankeil.de
Tue Sep 8 13:41:35 UTC 2015

Marko Cupać <marko.cupac at mimar.rs> wrote:

> I just found out that 10.2-RELEASE-p2 lost ability to bootstrap pkg
> with signature_type="pubkey".
> Quick search returns:
> https://github.com/freebsd/pkg/issues/1309
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202622
> I guess it is not hard to switch repo to fingerprints, however I would
> not expect to lose this functionality by updating to patchlevel.

The "functionality" pkg(7) "lost" is silently ignoring unsupported
signature types which is dangerous if the network can't be trusted:

If you absolutely want to, you can still bootstrap insecurely by
temporarily setting the signature type to none.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20150908/7358ff33/attachment.bin>

More information about the freebsd-stable mailing list