Your message dated Mon, 8 Aug 2016 19:45:48 +0200 with message-id <20160808174547.sndmandudky4fntl@crossbow> and subject line Re: Bug#833785: apt: please add configuration option to never allow installation of unauthenticated packages has caused the Debian Bug report #833785, regarding apt: please add configuration option to never allow installation of unauthenticated packages to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 833785: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833785 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: apt: please add configuration option to never allow installation of unauthenticated packages
- From: Holger Levsen <holger@layer-acht.org>
- Date: Mon, 8 Aug 2016 18:01:44 +0200
- Message-id: <[🔎] 20160808160144.GA21821@layer-acht.org>
Package: apt Version: 1.3~pre3 Severity: wishlist Hi, thanks for maintaing apt, it's really really awesome! There is a trivial attack on apt: press "y" on the "do you really want to install those unauthenticated packages?" question and there is no way to prevent people from doing so (by means of configuration), like a strict mode. Please implement something along these lines, I've heard this is a blocker for wider Debian adoption by some people/projects/organisations. -- cheers, HolgerAttachment: signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
- To: Holger Levsen <holger@layer-acht.org>, 833785-done@bugs.debian.org
- Subject: Re: Bug#833785: apt: please add configuration option to never allow installation of unauthenticated packages
- From: David Kalnischkies <david@kalnischkies.de>
- Date: Mon, 8 Aug 2016 19:45:48 +0200
- Message-id: <20160808174547.sndmandudky4fntl@crossbow>
- In-reply-to: <[🔎] 20160808160144.GA21821@layer-acht.org>
- References: <[🔎] 20160808160144.GA21821@layer-acht.org>
On Mon, Aug 08, 2016 at 06:01:44PM +0200, Holger Levsen wrote: > There is a trivial attack on apt: press "y" on the "do you really want to > install those unauthenticated packages?" question and there is no way to > prevent people from doing so (by means of configuration), like a strict mode. > > Please implement something along these lines, I've heard this is a > blocker for wider Debian adoption by some people/projects/organisations. apt/stretch (and other applications based on libapt/stretch like aptitude) and apt-get/buster deny to "update" metadata from unsigned or otherwise insecure repositories by default, see also apt-secure manpage. [apt-get/stretch is just complaining very loudly for compatibility reasons, you can opt-out of this at your choice at any time] As such, I don't think its a good idea to introduce yet another security related option at a later stage in the process which only effects apt/apt-get, but not aptitude & all other frontends as the idea is to simplify here, instead of increasing complexity. (My secret plan for bullseye is actually to have all these unauthenticated/insecure codepaths completely removed as its a constant source of security bugs in libapt-based frontends which just don't expect untrusted data as in all normal cases you only deal with trusted) I am therefore closing as done on the premise that such a requested "strict mode" already exists, althrough at the "update" instead of the install/remove stages. Best regards David KalnischkiesAttachment: signature.asc
Description: PGP signature
--- End Message ---