[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#518473: Support for netrc

On Tue, Oct 13, 2009 at 11:06:22PM +0200, David Kalnischkies wrote:
> While it is now commited and this message will maybe redirected to /dev/null
> i just want to express that i am unhappy with this patch:
> First of all: It has no documentation - this is unfortunately also true for
> many other apt features, so this is maybe not a real no-go,
> but also the manpage for the netrc file doesn't even suggest the usage of
> this file for https -- for me it looks like it should be used only for
> "user configuration for ftp" (man 5 netrc).
> So if this file is really used for https in realworld someone should patch
> the manpage - otherwise this new "feature" seems more like an ugly hack...
> (and the last think we need is yet another hack in apt i guess)
> On the other hand, apt already includes a way for client authentication
> (i think) since 0.7.15~exp1 using certificates.
> See the very short man 5 apt.conf description and the (in my eyes) more
> useful descriptions in the beloved config-example:
> /usr/share/doc/apt/examples/apt-https-method-example.conf.gz
> Options: Acquire::https[::repo.domain.tld]::{CaInfo,SslCert,SslKey}
> (This is btw one of the under-documented features -
> feel free to provide patches for this one as well)
> So i am also not really sure if this feature is needed at all --
> or only for the very limited usecases the submitter described original...

Note that the criticality of this bug is related to the fact the normal
http version leaks the passwords to the build logs, and this patch is a
solution for that. If it can be fixed another way, this bug can be 
downgraded back to wishlist.

Aurelien Jarno	                        GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net

Reply to: