Public bug reported: Rationale: Fulfills the "Kill install-package" portion of the Kubuntu Lucid Development spec[1] that was postponed due to KPackageKit limitations. QApt builds a qapt-batch utility that is a drop-in replacement for install-package, and features important security improvements such as providing warnings for attempts to install untrusted packages. In addition, it supports debconf and media changing where install-package did not.
QApt may require a security review. It uses Polkit-1 for performing privileged tasks, such as checking for updates, committing changes, and updating the apt-xapian index. All privileged functions do require authentication, but the worker (obviously) runs as root. The worker code can be found in src/worker, relative to the top level directory of the qapt tarball. I have checked over the MIR requirements carefully, and see no violations. All current build failures on ports architecture appear to be due to archive skew. ** Affects: qapt (Ubuntu) Importance: Undecided Status: New -- [MIR] qapt https://bugs.launchpad.net/bugs/609247 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs