Usage of apturl in the documentation
Matthew East
mdke at ubuntu.com
Fri Sep 26 17:09:33 UTC 2008
On Fri, Sep 26, 2008 at 5:59 PM, Dougie Richardson
<ddrichardson at btinternet.com> wrote:
>> I chatted to Michael about this today on irc, and he confirmed that
>> apturl is safe to use on the help wiki and system documentation, as it
>> only installs packages from the user's repositories.
>
> What if the guide they are reading directs them to add another, malicious
> repository?
That is something malicious users can do already, and which is not
facilitated by apt-url.
Apt-url doesn't provide a means to install a package from an external
repository, nor to add a repository.
> I'm sure everyone knows what they are talking about but is it really a good
> idea to introduce a possible vulnerability?
As Dean pointed out earlier, if there were such a vulnerability, it
wouldn't have been added to Firefox or Gnome. It seems strange for us
to avoid using a tool which makes instructions easier to follow even
though other sites can use it.
--
Matthew East
http://www.mdke.org
gnupg pub 1024D/0E6B06FF
More information about the ubuntu-doc
mailing list