Bug#833785: apt: please add configuration option to never allow installation of unauthenticated packages

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#833785: apt: please add configuration option to never allow installation of unauthenticated packages
From: Holger Levsen <holger@layer-acht.org>
Date: Mon, 8 Aug 2016 18:01:44 +0200
Message-id: <[🔎] 20160808160144.GA21821@layer-acht.org>
Reply-to: Holger Levsen <holger@layer-acht.org>, 833785@bugs.debian.org

Package: apt
Version: 1.3~pre3
Severity: wishlist

Hi,

thanks for maintaing apt, it's really really awesome! 

There is a trivial attack on apt: press "y" on the "do you really want to
install  those unauthenticated packages?" question and there is no way to
prevent people from doing so (by means of configuration), like a strict mode.

Please implement something along these lines, I've heard this is a
blocker for wider Debian adoption by some people/projects/organisations.


-- 
cheers,
	Holger

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Bug#833785: marked as done (apt: please add configuration option to never allow installation of unauthenticated packages)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#832593: apt-listbugs: Ctrl-C is not handled correctly
Next by Date: Bug#833785: marked as done (apt: please add configuration option to never allow installation of unauthenticated packages)
Previous by thread: Bug#833674: marked as done (apt: Use ptsname_r if available)
Next by thread: Bug#833785: marked as done (apt: please add configuration option to never allow installation of unauthenticated packages)
Index(es):
- Date
- Thread