Bug#749795: apt: no authentication checks for source packages
On Sat, May 31, 2014 at 12:07:48AM +0200, David Kalnischkies wrote:
> On Fri, May 30, 2014 at 03:21:20PM +0200, Michael Vogt wrote:
> > >From b7f501b5cc8583f61467f0c7a0282acbb88e4b29 Mon Sep 17 00:00:00 2001
> > From: Michael Vogt <mvo@debian.org>
> > Date: Fri, 30 May 2014 14:47:56 +0200
> > Subject: [PATCH] Show unauthenticated warning for source packages as well
> >
> > This will show the same unauthenticated warning for source packages
> > as for binary packages and will not download a source package if
> > it is unauthenticated. This can be overriden with
>
> typo: overridden
Thanks, fixed.
> > + // check authentication status of the source as well
> > + if (UntrustedList != "" && !AuthPrompt(UntrustedList, true))
> > + return false;
>
> As said, I don't think 'apt-get source' should be interactive, so this
> true should be a false, right?
>
> Reasons (as a repeat):
> - it was not interactive before
> - the error message on 'no' talks about install, so we would need a new
> string
> - 'apt-get download' isn't interactive either
> (- it is more in line with your own commit summary)
>
> Counter arguments?
[..]
Good point! No counter arguments, the risk of breaking script by
prompting is indeed a good reason not to show the prompt (and we do
the same for download).
I changed it to non-interactive now.
Cheers,
Michael
Reply to: