Usage of apturl in the documentation

Dougie Richardson ddrichardson at btinternet.com
Fri Sep 26 17:49:30 UTC 2008


> Apt-url doesn't provide a means to install a package from an external
> repository, nor to add a repository.

You're assuming that every package in the repositories have no vulnerabilities. We needn't be discussing adding a new repository at all.

> As Dean pointed out earlier, if there were such a vulnerability, it
> wouldn't have been added to Firefox or Gnome. It seems strange for us
> to avoid using a tool which makes instructions easier to follow even
> though other sites can use it.

>From the link Dean gives:

"A possible attack vector would be to trick users to install a application with a known vulnerability or to install applications that open a port."

Regards,

Dougie






More information about the ubuntu-doc mailing list