[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#305142: CAN-2005-2214: insegure apt-setup



Martin Schulze wrote:
> severity 305142 important

This is severity inflation: This bug affects a minority of a minority of
users (users who have a proxy that requires a password, have some reason
to use it for apt, and somehow have managed to avoid the inherent
security issues of the http password being sent in the clear over the
network).

> tags 305142 security
> thanks
> 
> Is there any motion on this problem?

The only real solution to this bug is to remove support for passwords in
the proxy setting. Making the file mode 600 by default, or even only if
a password is present cripples the system for regular users by breaking
apt-get source and hardly makes it anymore secure anyway.

-- 
see shy jo

Attachment: signature.asc
Description: Digital signature


Reply to: