Bug#776562: apt: Please document explicitly that "apt-get --force-yes" may allow unauthenticated packages to be installed
Package: apt
Version: 1.0.9.6
Severity: wishlist
Tags: security
Dear APT Developers,
apt-get(8) states:
    --force-yes
        Force yes; this is a dangerous option that will cause apt to
        continue without prompting if it is doing something
        potentially harmful. It should not be used except in very
        special situations. Using force-yes can potentially destroy
        your system! Configuration Item: APT::Get::force-yes.
Please mention explicitly that this may cause unauthenticated packages
to be installed.
Reasoning:
Many people seem to assume that the aforementioned words "dangerous" and
"harmful" imply broken stuff or inconsistencies, i.e. stuff doesn't work
anymore afterwards.
They don't expect or at least don't think of security-related issues
like e.g. a compromised system which you may not notice immediately.
Examples of bug reports caused by this assumption:
* https://github.com/grml/grml-debootstrap/issues/62 (grml-debootstrap;
upstream bug report)
* https://bugs.debian.org/776487 (in xen-tools; initially reported
upstream, bug exists since 2005)
-- System Information:
Debian Release: 8.0
APT prefers unstable
APT policy: (990, 'unstable'), (600, 'testing'), (500, 'buildd-unstable'), (400, 'stable'), (110, 'experimental'), (1, 'buildd-experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.18.0-trunk-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages apt depends on:
ii debian-archive-keyring 2014.3
ii gnupg 1.4.18-6
ii libapt-pkg4.12 1.0.9.6
ii libc6 2.19-13
ii libgcc1 1:4.9.2-10
ii libstdc++6 4.9.2-10
apt recommends no packages.
Versions of packages apt suggests:
ii apt-doc 1.0.9.6
ii aptitude 0.6.11-1+b1
ii dpkg-dev 1.17.23
ii python-apt 0.9.3.11
ii wajig 2.17
-- no debconf information
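The two bugs cited above were found by noticing --force-yes in someone else's scripts. Below is an added example, not part of the bug report or of apt, of a small audit that finds the same two forms named in the report (the --force-yes command-line flag and the APT::Get::force-yes configuration item) in a set of files, so a packager or administrator can check their own tooling before a failed signature check silently stops being fatal. The sample files it creates are constructed for the demonstration; the function and demo names are this example's own.

```sh
#!/bin/sh
# Added example: report every non-comment line that enables --force-yes,
# either as an apt-get flag or as the APT::Get::force-yes config item.
# Comment lines are skipped so a commented-out use does not count.

# audit_force_yes FILE...
# Prints "file:line: text" for each hit. Returns 0 if no file has a hit,
# 1 otherwise, so it can gate a CI job or a package build.
audit_force_yes() {
    status=0
    for f in "$@"; do
        if awk -v file="$f" '
            /^[ \t]*#/ { next }                         # skip comment lines
            tolower($0) ~ /--force-yes|apt::get::force-yes/ {
                hits++
                printf "%s:%d: %s\n", file, NR, $0
            }
            END { exit hits ? 0 : 1 }                   # 0 = hits found
        ' "$f"; then
            status=1
        fi
    done
    return $status
}

# demo_audit: constructed sample inputs (not real project files) showing a
# script with the flag, a clean script using plain -y, and an apt.conf
# fragment setting the configuration item. Prints the hits found.
demo_audit() {
    dir=$(mktemp -d)
    cat > "$dir/install.sh" <<'EOF'
#!/bin/sh
# apt-get -y --force-yes install foo   <- commented out, must not count
apt-get -y --force-yes install xen-utils
EOF
    cat > "$dir/clean.sh" <<'EOF'
#!/bin/sh
apt-get -y install xen-utils
EOF
    printf 'APT::Get::force-yes "true";\n' > "$dir/99force-yes"

    audit_force_yes "$dir/install.sh" "$dir/clean.sh" "$dir/99force-yes"
    rc=$?
    rm -rf "$dir"
    return $rc
}
```

Running `demo_audit` prints two hits (one per constructed offending file) and returns 1; `audit_force_yes` on the clean script alone returns 0. The check is deliberately a plain text match: it does not prove that an install will be unauthenticated, only that the flag the man page warns about is in use, which is exactly the point the report asks the documentation to make explicit.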