Apturl (security) issues and inclusion in Gutsy

Matthew Garrett mjg59 at srcf.ucam.org
Wed Sep 19 03:13:09 UTC 2007


On Tue, Sep 18, 2007 at 12:25:00PM +0200, Alexander Sack wrote:

> > 2. Repositories added through apturl could provide packages included
> > in Ubuntu but with higher version numbers with malicious code.
> 
> ... this is a feature, not an issue.

I'm really not convinced by that. We shouldn't be making it easier for 
users to replace important system files, and we certainly shouldn't be 
making it easier for arbitrary third parties to encourage them to do so.

-- 
Matthew Garrett | mjg59 at srcf.ucam.org




More information about the Ubuntu-devel-discuss mailing list