Usage of apturl in the documentation
Dougie Richardson
ddrichardson at btinternet.com
Fri Sep 26 17:49:30 UTC 2008
> Apt-url doesn't provide a means to install a package from an external
> repository, nor to add a repository.
You're assuming that every package in the repositories have no vulnerabilities. We needn't be discussing adding a new repository at all.
> As Dean pointed out earlier, if there were such a vulnerability, it
> wouldn't have been added to Firefox or Gnome. It seems strange for us
> to avoid using a tool which makes instructions easier to follow even
> though other sites can use it.
>From the link Dean gives:
"A possible attack vector would be to trick users to install a application with a known vulnerability or to install applications that open a port."
Regards,
Dougie
More information about the ubuntu-doc
mailing list