Hello Sachi - Thanks for reporting this issue! We agree that the use of the --allow-insecure-repositories and --allow-unauthenticated options is poor form and should not be used in the makefiles for building kernel snaps.
In practice, I think that this would be difficult to attack since the traffic between the builders and launchpad itself should be well controlled. There's obviously no sense in leaving that attack vector open so we'll get it fixed up. As you correctly pointed out, fixing it also benefits end-users that attempt to use the affected makefile target.
Hello Sachi - Thanks for reporting this issue! We agree that the use of the --allow- insecure- repositories and --allow- unauthenticated options is poor form and should not be used in the makefiles for building kernel snaps.
In practice, I think that this would be difficult to attack since the traffic between the builders and launchpad itself should be well controlled. There's obviously no sense in leaving that attack vector open so we'll get it fixed up. As you correctly pointed out, fixing it also benefits end-users that attempt to use the affected makefile target.
Thanks again! We'll be working to fix this issue.