[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#46857: apt: If source URI contains password, the password is printed on the screen during fetches



Package: apt
Version: 0.3.13
Severity: grave

Hi,

try a URI like <deb ftp://user:password@host/debian unstable local>; the
password is printed on the screen in plain text. I believe it would be
better to not display the user:password bit at all, or at least mask the
password.

(I agree that it is not generally a good idea to put password-protected URIs
into sources.list.)

Regards,

-- 
  Andrew Korn (Korn Andras) <korn@eik.bme.hu>  http://goliat.eik.bme.hu/~korn
    Finger korn@goliat.eik.bme.hu for pgp key.  Homepage is obsolete. QOTD:
             Fer sell cheep: Mikrosoft spel chekker. Wurks grate.

-- System Information
Debian Release: potato
Kernel Version: Linux chardonnay 2.2.12 #6 Thu Sep 9 18:27:39 CEST 1999 i586 unknown

Versions of the packages apt depends on:
ii  libc6           2.1.2-5        GNU C Library: Shared libraries and timezone
ii  libstdc++2.10   2.95.2-0pre2   The GNU stdc++ library


Reply to: