[Aptitude-devel] Bug#618342: aptitude: inconsistent behaviour with apt-cache on non-readable sources.list file
Daniel Hartwig
mandyke at gmail.com
Mon Jun 3 03:11:02 UTC 2013
Michael Prokop <mika at debian.org> wrote:
> /etc/apt/sources.list.d/foo.list contains something like:
>
> deb https://$USER:$PASSWD@$MIRROR internal main
>
> and because of confidential information ($USER/$PASSWD) the file is
> read-only for root (600).
This is not a comment on the reported bug (not quoted here), but a note
about usage.
It is not ideal to include authentication credentials in sources.list.
Those files should be world readable (or atleast readable by all
apt-cache and aptitude users).
There is a poorly documented option to use /etc/apt/auth.conf, which is
formatted like netrc(5). Credentials should be placed in this file,
with sources.list just containing the $MIRROR part.
Regards
More information about the Aptitude-devel
mailing list