Apturl (security) issues and inclusion in Gutsy
Matthew Garrett
mjg59 at srcf.ucam.org
Wed Sep 19 03:13:09 UTC 2007
On Tue, Sep 18, 2007 at 12:25:00PM +0200, Alexander Sack wrote:
> > 2. Repositories added through apturl could provide packages included
> > in Ubuntu but with higher version numbers with malicious code.
>
> ... this is a feature, not an issue.
I'm really not convinced by that. We shouldn't be making it easier for
users to replace important system files, and we certainly shouldn't be
making it easier for arbitrary third parties to encourage them to do so.
--
Matthew Garrett | mjg59 at srcf.ucam.org
More information about the Ubuntu-devel-discuss
mailing list