For context, here's the branch I'm working on. It handles the insecure key retrieval problem. I plan on handling the udeb problem by inserting the keyring into the preseed, retrieving Release/Release.gpg for the repo, using the keyring to verify the Release file, then using the sha sums to verify the Packages and udeb files.
For context, here's the branch I'm working on. It handles the insecure key retrieval problem. I plan on handling the udeb problem by inserting the keyring into the preseed, retrieving Release/Release.gpg for the repo, using the keyring to verify the Release file, then using the sha sums to verify the Packages and udeb files.
https:/ /code.launchpad .net/~jason- hobbs/maas/ use-key- text/+merge/ 215517