Bug#46857: apt: If source URI contains password, the password is printed on the screen during fetches
Package: apt
Version: 0.3.13
Severity: grave
Hi,
try a URI like <deb ftp://user:password@host/debian unstable local>; the
password is printed on the screen in plain text. I believe it would be
better to not display the user:password bit at all, or at least mask the
password.
(I agree that it is not generally a good idea to put password-protected URIs
into sources.list.)
Regards,
--
Andrew Korn (Korn Andras) <korn@eik.bme.hu> http://goliat.eik.bme.hu/~korn
Finger korn@goliat.eik.bme.hu for pgp key. Homepage is obsolete. QOTD:
Fer sell cheep: Mikrosoft spel chekker. Wurks grate.
-- System Information
Debian Release: potato
Kernel Version: Linux chardonnay 2.2.12 #6 Thu Sep 9 18:27:39 CEST 1999 i586 unknown
Versions of the packages apt depends on:
ii libc6 2.1.2-5 GNU C Library: Shared libraries and timezone
ii libstdc++2.10 2.95.2-0pre2 The GNU stdc++ library
Reply to: