[Aptitude-devel] Bug#833787: aptitude: please add configuration option to never allow installation of unauthenticated packages

Manuel A. Fernandez Montecelo manuel.montezelo at gmail.com
Mon Aug 8 21:08:55 UTC 2016


Control: tags -1 + moreinfo


Hi Holger,

2016-08-08 17:06 Holger Levsen:
>Package: aptitude
>Version: 0.8.2-1
>Severity: wishlist
>
>Hi,
>
>thanks for maintaining aptitude!
>
>There is a trivial attack on aptitude: press "y" on the "do you really want to
>install those unauthenticated packages?" question and there is no way to
>prevent people from doing so (by means of configuration), like a strict mode.
>
>Please implement something along these lines, I've heard this is a
>blocker for wider Debian adoption by some people/projects/organisations.
>
>I've filed the same bug against apt, it's #833785: "apt: please add configuration
>option to never allow installation of unauthenticated packages", maybe
>apt and aptitude could share that configuration bit too?

As per the reply to apt's counterpart, #833785, this will probably fix
itself by the next release.

Leaving open for a while in the case that it needs some review or if we
can do something extra about this.

(But apt is more popular and a prerequisite of the system, so perhaps
the possible extra strictness of aptitude wouldn't actually be of any
help).


Cheers.
-- 
Manuel A. Fernandez Montecelo <manuel.montezelo at gmail.com>


