[Aptitude-devel] Bug#833787: aptitude: please add configuration option to never allow installation of unauthenticated packages

Holger Levsen holger at layer-acht.org
Mon Aug 8 16:06:05 UTC 2016


Package: aptitude
Version: 0.8.2-1
Severity: wishlist

Hi,

thanks for maintaining aptitude!

There is a trivial attack on aptitude: press "y" on the "do you really want to
install those unauthenticated packages?" question and there is no way to
prevent people from doing so (by means of configuration), like a strict mode.

Please implement something along these lines, I've heard this is a
blocker for wider Debian adoption by some people/projects/organisations.

I've filed the same bug against apt, it's #833785: "apt: please add configuration
option to never allow installation of unauthenticated packages", maybe
apt and aptitude could share that configuration bit too?


-- 
cheers,
	Holger