Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Provide a known-good Ubuntu archive keyring instead of downloading it
'apt-key adv --recv-keys' does not perform any validation, so an attacker who can interfere with the network path could potentially substitute their own malicious keyring. Include a known-good copy from the ubuntu-archive-keyring package (version 2016.05.13-1 as provided by Debian) instead. Signed-off-by: Simon McVittie <smcv@collabora.com>
- Loading branch information