Back to confirmed, since we have _not_ disabled support for adding
repositories, which is required by the bug reporter. Wouter asked "I
think the ability to add repositories to the apt sources should not be
enabled/included by default. This is potentially a huge security risk.".
Now this is perfectly debatable, and I am happy that people debated it
in place of just ignoring such a relevant comment. However, bug is not
fixed. We can install files in /etc/apt/sources.list.d using gdebi.
Sorry Michael, I don't want to create noise, but I believe that we
should take a serious decision before beta release. If one opens a bug
report asking to close a potential backdoor, and ubuntu says to agree,
it can't leave open the same backdoor in another place. OTOH, if gdebi
has to stay there, there's no point in not enabling apturl: malicious
repositories (which I never heard about until now) would then use gdebi.
** Changed in: apturl (Ubuntu)
Status: Fix Released => Confirmed
--
Disable support for adding repositories
https://bugs.launchpad.net/bugs/139227
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
