[Bug 139227] Re: Make gdebi harder to use (was: Disable support for adding repositories)
aaronfranke
arnfranke at yahoo.com
Sun Oct 16 03:04:09 UTC 2016
I believe that the user should be able to add repositories with Apturl.
It's better behavior because it makes the system easier to use. It does
make sense to provide a warning (something like "Warning: This enables
obtaining software from a 3rd party, it may be unsafe! Do you want to
continue?" maybe) since there is a security risk if the user isn't
careful.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gdebi in Ubuntu.
https://bugs.launchpad.net/bugs/139227
Title:
Make gdebi harder to use (was: Disable support for adding
repositories)
Status in apturl package in Ubuntu:
Fix Released
Status in gdebi package in Ubuntu:
Won't Fix
Bug description:
Binary package hint: apturl
I think the ability to add repositories to the apt sources should not
be enabled/included by default. This is potentially a huge security
risk.
E.g. a user can be easily seduced to enable some repository to install
the newest coolest most beautiful screensaver from it, but later a
package is added to that repository with malicious code that replaces
one of the ubuntu packages on the system.
Apturl provides some great functionality, but it should encourage
people to install software from the official repositories, not make it
supereasy to enable all kinds of untrusted third party repositories.
Wether you agree with this or not, I think it would be good to at
least discuss this on ubuntu-devel before enabling this feature.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apturl/+bug/139227/+subscriptions
More information about the foundations-bugs
mailing list