Package: apt
Version: 1.0.9.6
Severity: wishlist
Tags: security

Dear APT Developers,

apt-get(8) states:

    --force-yes
        Force yes; this is a dangerous option that will cause apt to
        continue without prompting if it is doing something potentially
        harmful. It should not be used except in very special situations.
        Using force-yes can potentially destroy your system!
        Configuration Item: APT::Get::force-yes.

Please mention explicitly that this may cause unauthenticated packages to be installed.

Reasoning: Many people seem to assume that the aforementioned words "dangerous" and "harmful" imply broken stuff or inconsistencies, i.e. stuff doesn't work anymore afterwards. They don't expect or at least don't think of security-related issues like e.g. a compromised system which you may not notice immediately.

Examples of bug reports caused due to this assumption:

* https://github.com/grml/grml-debootstrap/issues/62
  (grml-debootstrap; upstream bug report)
* https://bugs.debian.org/776487
  (in xen-tools; initially reported upstream, bug exists since 2005)

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (990, 'unstable'), (600, 'testing'), (500, 'buildd-unstable'), (400, 'stable'), (110, 'experimental'), (1, 'buildd-experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.18.0-trunk-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages apt depends on:
ii  debian-archive-keyring  2014.3
ii  gnupg                   1.4.18-6
ii  libapt-pkg4.12          1.0.9.6
ii  libc6                   2.19-13
ii  libgcc1                 1:4.9.2-10
ii  libstdc++6              4.9.2-10

apt recommends no packages.

Versions of packages apt suggests:
ii  apt-doc     1.0.9.6
ii  aptitude    0.6.11-1+b1
ii  dpkg-dev    1.17.23
ii  python-apt  0.9.3.11
ii  wajig       2.17

-- no debconf information
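
Added example (not part of the original report, and not apt's own code): a shell function that lists where force-yes is switched on in a tree of scripts and apt.conf fragments, either as the --force-yes option or as the APT::Get::force-yes configuration item named in the man page excerpt above. The sample files, their names and the set of values treated as "off" are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: list places that turn on force-yes under a directory.
# Output is one finding per line: KIND<TAB>file:line:text
#   cli  = the --force-yes command-line option
#   conf = the APT::Get::force-yes configuration item (apt.conf file or -o)
# Assumption: false/no/off/0 are the values counted as "explicitly off".
find_force_yes() {
    grep -rnHiE -- 'force-yes' "$1" 2>/dev/null | awk '
        # Drop the "file:line:" prefix that grep adds, keep the matched text.
        { text = $0; sub(/^[^:]*:[0-9]+:/, "", text) }
        # Comment-only lines (shell "#" or apt.conf "//") are not findings.
        text ~ /^[ \t]*(#|\/\/)/ { next }
        # Skip lines that set the item to an explicit "off" value.
        tolower(text) ~ /force-yes[ \t=]+"?(false|no|off|0)("|;|[ \t]|$)/ { next }
        text ~ /--force-yes/ { print "cli\t" $0; next }
        { print "conf\t" $0 }
    '
}

# Constructed sample tree; file names and contents are made up for the demo.
make_sample() {
    mkdir -p "$1/apt.conf.d" "$1/scripts"
    printf '%s\n' 'APT::Get::force-yes "true";'  > "$1/apt.conf.d/99local"
    printf '%s\n' 'APT::Get::force-yes "false";' > "$1/apt.conf.d/50safe"
    printf '%s\n' '#!/bin/sh' \
        '# never pass --force-yes here' \
        'chroot "$MNT" apt-get -y --force-yes install nodejs' \
        > "$1/scripts/bootstrap.sh"
    printf '%s\n' 'apt-get -o APT::Get::force-yes=yes upgrade' \
        > "$1/scripts/upgrade.sh"
}

tmp=$(mktemp -d)
make_sample "$tmp"
find_force_yes "$tmp"
rm -rf "$tmp"
```

Each finding is a place where apt will proceed without prompting, which per the request above includes installing unauthenticated packages.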