Package: libruby1.8 Followup-For: Bug #396304 I think this bug is still related to apt-listbugs. The soap_use_proxy variable is an interface of a library used internally. apt-listbugs does not _have_to_ expose this interface to the user. apt-listbugs even sets or deletes this variable in some cases depending on the settings in apt.conf. This behaviour is inconsistent.
IMHO apt-listbugs should behave like other APT tools. The manpage of apt.conf states http HTTP URIs; http::Proxy is the default http proxy to use. It is in the standard form of http://[[user][:[EMAIL PROTECTED]:port]/. Per host proxies can also be specified by using the form http::Proxy::<host> with the special keyword DIRECT meaning to use no proxies. The http_proxy environment variable will override all settings. So it's expected behaviour that variable http_proxy will be used without any questions or complaints from the programs. I'm aware of two possible security risks: The first is the use of user:password in the proxy URL. This is no problem if http_proxy does not contain a password. The second is the risk to unexpectedly override the settings from apt.conf with an untrusted proxy. I think this should be solved by a common solution for all apt related programs. Using a wrong proxy to list bug reports is a small problem compared to using this proxy to download packages. Please point me to an explanation if there is another security risk. Maybe we need a setting in apt.conf that tells APT to ignore http_proxy and use the settings from apt.conf only. This should apply to apt-listbugs as well. (like wget's --no-proxy option) I have the proxy setting in apt.conf, so aptitude and apt-listbugs work as expected if I dont have http_proxy set. But there are other programs that need the http_proxy environment variable. When I set this variable (in my case to the same proxy as in apt.conf) aptitude and apt-listchanges still work but apt-listbugs complains about the missing soap_use_proxy variable. If you like the idea of the soap_use_proxy variable, I propose to use a setting in apt.conf or a variable specific to apt-listbugs, to select from these possibilities: - use http_proxy (and set soap_use_proxy internally) - complain if http_proxy is set - complain if http_proxy is set and differs from the apt.conf setting (else set soap_use_proxy internally) - ignore http_proxy and use the setting from apt.conf (and set or remove http_proxy and soap_use_proxy internally as required) -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (900, 'testing'), (300, 'unstable'), (10, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-1-686 Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Versions of packages libruby1.8 depends on: ii libc6 2.3.6.ds1-7 GNU C Library: Shared libraries ii libncurses5 5.5-5 Shared libraries for terminal hand ii zlib1g 1:1.2.3-13 compression library - runtime libruby1.8 recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]