On Mon, Jun 01, 2009 at 09:48:26AM -0700, Dylan McCall wrote:
> Someone can 'easily' add a repository to a user's system (be it
> maliciously or not) through the following means:
> * A .deb package that adds a repository to sources.list.d
> * A .list file (in the format of sources.list, for example) which
>   is then automatically handled by Software Sources administration
>   (software-properties-gtk).
>
> There is therefore no security gain in apturls not doing repositories.
> All it takes is a simple file that the user downloads and opens to get
> the same thing happening.

The difference is that by design you can trigger apturls from websites
using JavaScript, which makes it hard for us to ensure that the user is
not tricked into believing that the apturl dialog is something the user
cannot trust. Also on websites you can easily trick users into doing weird
things (like a click game), which makes it harder to prevent malicious
attacks.

Also, the ability to trigger .deb installs from the web by a single
click is considered a bug and we look into making ffox and other
web browsers not allow that (instead similar to Windows .exe downloads
only allow them to be saved and not opened directly from the web).

> ...is this maybe going a bit off base? There are already two methods for
> adding repositories and apturl doesn't strike me as the right design for
> listing public keys to import. (At least not without generating a
> horrifying abomination of a URI). And if it doesn't import public keys
> with some reasonable automation, it will not work for PPAs.

I agree. Instead of talking about allowing PPAs to be enabled through
apturl, we should improve the way PPAs can be enabled in
software-sources and app-center which was also one of the results of the
UDS discussions we had.

- Alexander

--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss