Bug#46857: marked as done (apt: If source URI contains password, the password is printed on the screen during fetches)
Your message dated Thu, 11 Nov 1999 16:40:20 -0700 (MST)
with message-id <[🔎] Pine.LNX.3.96.991111163840.12810C-100000@wakko.deltatee.com>
and subject line Fixed Bugs
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Darren Benham
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 7 Oct 1999 15:03:31 +0000
Received: (qmail 14378 invoked from network); 7 Oct 1999 15:03:30 -0000
Received: from chardonnay.math.bme.hu (qmailr@152.66.83.144)
by master.debian.org with SMTP; 7 Oct 1999 15:03:30 -0000
Received: (qmail 32362 invoked by uid 1000); 7 Oct 1999 15:03:14 -0000
Date: 7 Oct 1999 15:03:14 -0000
Message-ID: <19991007150314.32361.qmail@chardonnay.math.bme.hu>
From: KORN Andras <korn@chardonnay.math.bme.hu>
Subject: apt: If source URI contains password, the password is printed on the screen during fetches
To: submit@bugs.debian.org
X-Mailer: bug 3.2.5
Package: apt
Version: 0.3.13
Severity: grave
Hi,
try a URI like <deb ftp://user:password@host/debian unstable local>; the
password is printed on the screen in plain text. I believe it would be
better to not display the user:password bit at all, or at least mask the
password.
(I agree that it is not generally a good idea to put password-protected URIs
into sources.list.)
Regards,
--
Andrew Korn (Korn Andras) <korn@eik.bme.hu> http://goliat.eik.bme.hu/~korn
Finger korn@goliat.eik.bme.hu for pgp key. Homepage is obsolete. QOTD:
Fer sell cheep: Mikrosoft spel chekker. Wurks grate.
-- System Information
Debian Release: potato
Kernel Version: Linux chardonnay 2.2.12 #6 Thu Sep 9 18:27:39 CEST 1999 i586 unknown
Versions of the packages apt depends on:
ii libc6 2.1.2-5 GNU C Library: Shared libraries and timezone
ii libstdc++2.10 2.95.2-0pre2 The GNU stdc++ library
---------------------------------------
Received: (at 46857-done) by bugs.debian.org; 11 Nov 1999 23:40:32 +0000
Received: (qmail 22442 invoked from network); 11 Nov 1999 23:40:31 -0000
Received: from crash.ab.videon.ca (root@206.75.216.220)
by master.debian.org with SMTP; 11 Nov 1999 23:40:31 -0000
Received: from wakko.deltatee.com (mail@wakko.powersurfr.com [24.108.53.97])
by crash.ab.videon.ca (8.9.2/8.9.2) with ESMTP id QAA06526;
Thu, 11 Nov 1999 16:40:21 -0700 (MST)
Received: from localhost (wakko.deltatee.com) [127.0.0.1] (jgg)
by wakko.deltatee.com with smtp (Exim 2.11 #1)
id 11m3pE-0003ND-00 (Debian); Thu, 11 Nov 1999 16:40:20 -0700
Date: Thu, 11 Nov 1999 16:40:20 -0700 (MST)
From: Jason Gunthorpe <jgg@ualberta.ca>
X-Sender: jgg@wakko.deltatee.com
To: Deity Creation Team <deity@lists.debian.org>
Subject: Fixed Bugs
Message-ID: <[🔎] Pine.LNX.3.96.991111163840.12810C-100000@wakko.deltatee.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
These bugs are fixed in the latest APT upload to unstable, 0.3.14:
apt (0.3.14) unstable; urgency=low
* Fix Perl or group pre-depends thing Closes: #46091, #46096, #46233, #45901
* Fix handling of dpkg's conversions from < -> <= Closes: #46094, #47088
* Make unparsable priorities non-fatal Closes: #46266, #46267, #46293, #46298
* Fix handling of '/' for the dist name. Closes: #43830, #45640, #45692
* Fixed 'Method gave a blank filename' error from IMS queries onto CDs.
Closes: #45034, #45695, #46537
* Made OR group handling in the problem resolver more elaborate. Closes: #45646
* Added APT::Clean-Installed option. Closes: #45973
* Moves the free space check to after the calculated size is printed.
Closes: #46639, #47498
* mipsel arch Closes: #47614
* Beautified URI printing to not include passwords Closes: #46857
* Fixed little problem with --no-download Closes: #47557
* Tweaked Dselect 'update' script to re-gen the avail file even in the
event of a failure Closes: #47112
* Retries for source archives too Closes: #47529
* Unmounts CDROMs iff it mounted them Closes: #45299
* Checks for the partial directories before doing downloads Closes: #47392
* no_proxy environment variable (http only!) Closes: #43476
* apt-cache showsrc Closes: #45799
* De-Refs Single Pure virtual packages. Closes: #42437, #43555
* Regexs for install. Closes: #35304, #38835
* Dependency reports now show OR group relations
* Re-Install feature. Cloes: #46961, #37393, #38919
* Locks archive directory on clean (woops)
* Remove is not 'sticky'. Closes: #48392
* Slightly more accurate 'can not find package' message. Closes: #48311
* --trivial-only and --no-remove. Closes: #48518
* Increased the cache size. Closes: #47648
* Comment woopsie. Closes: #48789
* Removes existing links when linking sources. Closes: #48775
* Problem resolver does not install all virtual packages. Closes: #48591, #49252
* Clearer usage message about 'source' Closes: #48858
* Immediate configure internal error Closes: #49062, #48884
-- Ben Gertzfield <che@debian.org> Sun, 7 Nov 1999 20:21:25 -0800
Reply to:
- References:
- Fixed Bugs
- From: Jason Gunthorpe <jgg@ualberta.ca>