Control: tags -1 + moreinfo
Hi Holger, 2016-08-08 17:06 Holger Levsen:
Package: aptitude Version: 0.8.2-1 Severity: wishlist Hi, thanks for maintaing aptitude! There is a trivial attack on aptitude: press "y" on the "do you really want to install those unauthenticated packages?" question and there is no way to prevent people from doing so (by means of configuration), like a strict mode. Please implement something along these lines, I've heard this is a blocker for wider Debian adoption by some people/projects/organisations. I've filed the same bug against apt, it's #833785: "apt: please add configuration option to never allow installation of unauthenticated packages", maybe apt and aptitude could share that configuration bit too?
As per the reply to apt's counterpart, #833785, this will probably fix itself by the next release. Leaving open for a while in the case that it needs some review or if we can do something extra about this. (But apt is more popular and a prerequisite of the system, so perhaps the possible extra strictness of aptitude wouldn't actually be of any help). Cheers. -- Manuel A. Fernandez Montecelo <manuel.montez...@gmail.com>
