Package: apt Version: 0.5.4 Severity: normal Tags: security If you run 'apt-cache search <package>' without read access to apt.conf, apt bails. While I understand that there are important options in this file that might be needed in order for apt to function properly, in my experience (maybe others?) the most common option in this file is to add an http/ftp proxy together with a username and password if the proxy requires one.
If you need to supply a username and password you can either: -- allow the username and password to be world readable -- prevent users from using apt by securing apt.conf The first option is no-go on some networks. The second option annoys the clued-up users. Perhaps apt could fall back to a different configuration file (without the secure information) or use its defaults if apt is run without read permissions on apt.conf? Matt -- System Information Debian Release: 3.0 Architecture: i386 Kernel: Linux xanadu 2.4.19pre7ac3 #2 SMP Wed May 1 16:43:50 BST 2002 i686 Locale: LANG=C, LC_CTYPE=C Versions of packages apt depends on: ii libc6 2.2.5-6 GNU C Library: Shared libraries an ii libstdc++2.10-glibc2.2 1:2.95.4-7 The GNU stdc++ library -- Matt Kern http://www.undue.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
