[Bug 788010] [NEW] apt doesn't support "@" in usernames

Carsten Jacobi 788010 at bugs.launchpad.net
Wed May 25 09:26:15 UTC 2011 

Public bug reported:

Binary package hint: apt-transport-https

We want to set up a repository for confidential packages and use E-Mail
addresses as usernames (because E-Mail addresses are mostly unique, also
in enterprise like corporations). However, it seems currently being
impossible to get apt to deliver the username correctly over HTTP to the
server with the packages (neither directly by writing it into the URL
with escaping nor using the builtin netrc mechanism of apt).

A similar problem was reported to the Debian-project with a solution proposal:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=518473

That solution also utilizes the netrc mechanism. But in contrast to the
current apt-implementation shipped by Ubuntu that solution lets libcurl
itself parse the netrc config (that way the "@" character in the
username does not mess up the apt-source URL). So, that implementation
would compete against the builtin netrc parser of apt (see also
Blueprint https://blueprints.launchpad.net/ubuntu/+spec/foundations-
lucid-apt-netrc-mechanism). IMHO this is still an option to consider
since apt is utilizing libcurl for all HTTP transactions anyways.

** Affects: apt (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: apt

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/788010

Title:
  apt doesn't support "@" in usernames

Status in “apt” package in Ubuntu:
  New

Bug description:
  Binary package hint: apt-transport-https

  We want to set up a repository for confidential packages and use
  E-Mail addresses as usernames (because E-Mail addresses are mostly
  unique, also in enterprise like corporations). However, it seems
  currently being impossible to get apt to deliver the username
  correctly over HTTP to the server with the packages (neither directly
  by writing it into the URL with escaping nor using the builtin netrc
  mechanism of apt).

  A similar problem was reported to the Debian-project with a solution proposal:
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=518473

  That solution also utilizes the netrc mechanism. But in contrast to
  the current apt-implementation shipped by Ubuntu that solution lets
  libcurl itself parse the netrc config (that way the "@" character in
  the username does not mess up the apt-source URL). So, that
  implementation would compete against the builtin netrc parser of apt
  (see also Blueprint https://blueprints.launchpad.net/ubuntu/+spec
  /foundations-lucid-apt-netrc-mechanism). IMHO this is still an option
  to consider since apt is utilizing libcurl for all HTTP transactions
  anyways.

More information about the foundations-bugs mailing list