Package: aptitude Version: 0.8.2-1 Severity: wishlist Hi,
thanks for maintaing aptitude!
There is a trivial attack on aptitude: press "y" on the "do you really want to
install those unauthenticated packages?" question and there is no way to
prevent people from doing so (by means of configuration), like a strict mode.
Please implement something along these lines, I've heard this is a
blocker for wider Debian adoption by some people/projects/organisations.
I've filed the same bug against apt, it's #833785: "apt: please add
configuration
option to never allow installation of unauthenticated packages", maybe
apt and aptitude could share that configuration bit too?
--
cheers,
Holger
signature.asc
Description: Digital signature
_______________________________________________ Aptitude-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/aptitude-devel
