[Bug 1213353] Re: Software Updater requires installation of untrusted packages

markling 1213353 at bugs.launchpad.net
Sat Aug 17 11:39:30 UTC 2013


** Attachment added: "Software Updater Untrusted.png"
   https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1213353/+attachment/3775709/+files/Software%20Updater%20Untrusted.png

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to update-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1213353

Title:
  Software Updater requires installation of untrusted packages

Status in “update-manager” package in Ubuntu:
  New

Bug description:
  Software updater tells me it requires installation of untrusted
  packages. It says, "This requires installing packages from untrusted
  sources."

  But it does not tell me what packages are untrusted. It does not tell
  me what untrusted sources it is required to retrieve packages from.
  And it does not tell me why these packages and sources are untrusted.
  It neither offers any way of learning this information.

  It also denies me any choice in the matter. The warning dialogue has
  two actions. One is <settings>, which is clearly useful for anyone who
  already knows the answers to the unanswered questions raised above.
  The other is <OK>, an invitation to go ahead and install the anonymous
  untrusted packages from the anonymous untrusted sources. There is no
  option to decline the installation of these packages.

  Being a user of but little knowledge, it just so happens that the
  little knowledge I have tells me not to install anonymous untrusted
  packages from untrusted sources. It's the sort of thing parents tell
  their children nowadays after saying they shouldn't talk to strangers.

  So I do the only thing I can, short of spending a week of nights and
  weeks more nights to learn what it is all about. (If only I had so
  much time). I close <X> the window and hope it goes away. But it has
  come back again. I think it might keep coming back. What if it's an
  important piece of software? What if my operating system fails because
  I won't let it install anonymous untrusted packages from untrusted
  sources? And what oh! of the tragic irony if I end up getting
  malicious anonymous untrusted packages from untrusted sources getting
  in through a breach in my security left by my refusal to install
  anonymous untrusted packages from untrusted sources?

  ProblemType: Bug
  DistroRelease: Ubuntu 13.04
  Package: update-manager 1:0.186.1
  ProcVersionSignature: Ubuntu 3.8.0-27.40-generic 3.8.13.4
  Uname: Linux 3.8.0-27-generic x86_64
  ApportVersion: 2.9.2-0ubuntu8.3
  Architecture: amd64
  Date: Sat Aug 17 12:18:55 2013
  GsettingsChanges:
   b'com.ubuntu.update-manager' b'first-run' b'false'
   b'com.ubuntu.update-manager' b'launch-time' b'1376737045'
   b'com.ubuntu.update-manager' b'show-details' b'true'
   b'com.ubuntu.update-manager' b'window-height' b'468'
   b'com.ubuntu.update-manager' b'window-width' b'680'
  InstallationDate: Installed on 2012-11-28 (261 days ago)
  InstallationMedia: Xubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.1)
  MarkForUpload: True
  PackageArchitecture: all
  SourcePackage: update-manager
  UpgradeStatus: Upgraded to raring on 2013-05-14 (94 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1213353/+subscriptions




More information about the foundations-bugs mailing list