Apturl (security) issues and inclusion in Gutsy

Milan nalimilan at club.fr
Tue Sep 25 16:47:25 UTC 2007

Vincenzo Ciancia a écrit :
> Adding a way for people to provide user-friendly apt sources without
> having to upload screenshots on how to add sources in
> "system/administration/sources" (whatever it is called in english) does
> not change the overall security model of ubuntu and apt, which is, if
> you have the root password, you can do whatever you like to your system,
> and if you add an apt source and its gpg key using the root password,
> you are authorizing other people to do whatever they want to your system.
The new point is that you can easily add repositories even when you
don't know a minimum how apt is working. And once you've added
repositories, even pepople willing to help you (by providing new
software) can impact in a bad way your desktop, and users will blame
Ubuntu for that. Expect to get many non-Ubuntu bugs form users that
don't know they are using bleeding-edge software from custom repositories.

At least, the first time you add a repository using apt-url, it should
warn you in a flashy way wat you're doing, and neeed to to really read
the warning. And then, before adding a repository, it should print : -
the number of packages the repository provides and - the list of
installed or main packages that may be replaced automatically. Using for
example two dialogs, you would need to click twice on 'Next' to install
it, this would be a minimum protection. Even more: at any time, the user
should be able to easily revert to a pure Ubuntu desktop by disabling
the custom repositories and removing their packages.

I still agree that this feature may lead ubuntu into Windows-like
behavior, with unknown programs starting now and then, and an unstable
system. We should think twice about it, and wait for apt-url to be
really mature (at least, for it to implement all needed security features).

More information about the Ubuntu-devel-discuss mailing list