Package: aptitude
Version: 0.4.11.11-1
Severity: normal

Hi.

Aptitude uses secure-apt in most places (at least as far as I know), for example:
Retrieving and installing/upgrading packages.

But is secure-apt really used in ALL places?
For example, what about doing an "aptitude download" or what about "build-depends, build-dep"?

E.g. a user could do aptitude download foo && dpkg -i foo<...>.deb and would end up with an insecurely retrieved package.

Or even other places like changelogs and so on.

If not I'd even suggest to raise this bug's priority to something higher.

It should also be secured, that future changes to aptitude use secure-apt whenever possible.


Chris.

btw: Does aptitude support other hashes than MD5 for secure-apt, or is this purely done in apt itself?

-- Package-specific info:
aptitude 0.4.11.11 compiled at Nov 20 2008 05:11:32
Compiler: g++ 4.3.2
Compiled against:
  apt version 4.6.0
  NCurses version 5.7
  libsigc++ version: 2.0.18
  Ept support enabled.

Current library versions:
  NCurses version: ncurses 5.7.20090207
  cwidget version: 0.5.12
  Apt version: 4.6.0
        linux-vdso.so.1 =>  (0x00007fff0abfe000)
        libapt-pkg-libc6.7-6.so.4.6 => /usr/lib/libapt-pkg-libc6.7-6.so.4.6 (0x00007f49026f0000)
        libncursesw.so.5 => /lib/libncursesw.so.5 (0x00007f49024a5000)
        libsigc-2.0.so.0 => /usr/lib/libsigc-2.0.so.0 (0x00007f49022a0000)
        libcwidget.so.3 => /usr/lib/libcwidget.so.3 (0x00007f4901fcd000)
        libept.so.0 => /usr/lib/libept.so.0 (0x00007f4901d54000)
        libxapian.so.15 => /usr/lib/libxapian.so.15 (0x00007f49019ea000)
        libz.so.1 => /usr/lib/libz.so.1 (0x00007f49017d3000)
        libpthread.so.0 => /lib/libpthread.so.0 (0x00007f49015b7000)
        libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00007f49012ab000)
        libm.so.6 => /lib/libm.so.6 (0x00007f4901028000)
        libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x00007f4900e11000)
        libc.so.6 => /lib/libc.so.6 (0x00007f4900abe000)
        libutil.so.1 => /lib/libutil.so.1 (0x00007f49008bb000)
        libdl.so.2 => /lib/libdl.so.2 (0x00007f49006b7000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f49029b1000)
Terminal: xterm
$DISPLAY is set.
`which aptitude`: /usr/bin/aptitude
aptitude version information:

aptitude linkage:

-- System Information:
Debian Release: 5.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-heisenberg (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages aptitude depends on:
ii  apt [libapt-pkg-libc6. 0.7.20.2          Advanced front-end for dpkg
ii  libc6                  2.7-18            GNU C Library: Shared libraries
ii  libcwidget3            0.5.12-4          high-level terminal interface libr
ii  libept0                0.5.26            High-level library for managing De
ii  libgcc1                1:4.3.3-4         GCC support library
ii  libncursesw5           5.7+20090207-1    shared libraries for terminal hand
ii  libsigc++-2.0-0c2a     2.0.18-2          type-safe Signal Framework for C++
ii  libstdc++6             4.3.3-4           The GNU Standard C++ Library v3
ii  libxapian15            1.0.7-4           Search engine library
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

Versions of packages aptitude recommends:
ii  aptitude-doc-en [aptitude-do 0.4.11.11-1 English manual for aptitude, a ter
ii  libparse-debianchangelog-per 1.1.1-2     parse Debian changelogs and output

Versions of packages aptitude suggests:
ii  debtags                       1.7.9      Enables support for package tags
ii  tasksel                       2.78       Tool for selecting tasks for insta

-- no debconf information
