Public bug reported:
Rationale: Fulfills the "Kill install-package" portion of the Kubuntu
Lucid Development spec[1] that was postponed due to KPackageKit
limitations. QApt builds a qapt-batch utility that is a drop-in
replacement for install-package, and features important security
improvements such as providing warnings for attempts to install
untrusted packages. In addition, it supports debconf and media changing
where install-package did not.
QApt may require a security review. It uses Polkit-1 for performing
privileged tasks, such as checking for updates, committing changes, and
updating the apt-xapian index. All privileged functions do require
authentication, but the worker (obviously) runs as root. The worker code
can be found in src/worker, relative to the top level directory of the
qapt tarball.
I have checked over the MIR requirements carefully, and see no
violations. All current build failures on ports architecture appear to
be due to archive skew.
** Affects: qapt (Ubuntu)
Importance: Undecided
Status: New
--
[MIR] qapt
https://bugs.launchpad.net/bugs/609247
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
