[Aptitude-devel] Bug#618342: aptitude: inconsistent behaviour with apt-cache on non-readable sources.list file

Daniel Hartwig mandyke at gmail.com
Mon Jun 3 03:11:02 UTC 2013

Michael Prokop <mika at debian.org> wrote:
> /etc/apt/sources.list.d/foo.list contains something like:
>   deb https://$USER:$PASSWD@$MIRROR internal main
> and because of confidential information ($USER/$PASSWD) the file is
> read-only for root (600).

This is not a comment on the reported bug (not quoted here), but a note
about usage.

It is not ideal to include authentication credentials in sources.list.
Those files should be world readable (or atleast readable by all
apt-cache and aptitude users).

There is a poorly documented option to use /etc/apt/auth.conf, which is
formatted like netrc(5).  Credentials should be placed in this file,
with sources.list just containing the $MIRROR part.


More information about the Aptitude-devel mailing list