Apturl (security) issues and inclusion in Gutsy

Vincenzo Ciancia ciancia at di.unipi.it
Tue Sep 25 18:08:51 UTC 2007

On 25/09/2007 Milan wrote:
> And then, before adding a repository, it should print : -
> the number of packages the repository provides and - the list of
> installed or main packages that may be replaced automatically. Using for
> example two dialogs, you would need to click twice on 'Next' to install
> it, this would be a minimum protection. Even more: at any time, the user
> should be able to easily revert to a pure Ubuntu desktop by disabling
> the custom repositories and removing their packages.

I agree, in particular, each time you install a package from an
unofficial source added with apturl, you should receive a warning, also
signaling the URL from which the package comes from, and saying that
it's not an ubuntu package. However, I would like to re-point-out that
you can already add apt-sources letting the user completely unaware, by
using an ad-hoc deb file installed with gdebi, it's just that unofficial
repositories are not (yet) doing this.


More information about the Ubuntu-devel-discuss mailing list