I believe that the user should be able to add repositories with Apturl.
It's better behavior because it makes the system easier to use. It does
make sense to provide a warning (something like "Warning: This enables
obtaining software from a 3rd party, it may be unsafe! Do you want to
continue?" maybe) since there is a security risk if the user isn't

You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gdebi in Ubuntu.

  Make gdebi harder to use (was: Disable support for adding

Status in apturl package in Ubuntu:
  Fix Released
Status in gdebi package in Ubuntu:
  Won't Fix

Bug description:
  Binary package hint: apturl

  I think the ability to add repositories to the apt sources should not
  be enabled/included by default. This is potentially a huge security

  E.g. a user can be easily seduced to enable some repository to install
  the newest coolest most beautiful screensaver from it, but later a
  package is added to that repository with malicious code that replaces
  one of the ubuntu packages on the system.

  Apturl provides some great functionality, but it should encourage
  people to install software from the official repositories, not make it
  supereasy to enable all kinds of untrusted third party repositories.

  Wether you agree with this or not, I think it would be good to at
  least discuss this on ubuntu-devel before enabling this feature.

To manage notifications about this bug go to:

Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to