Ubuntu
apturl package

It is unclear which repository a package is installed from

Bug #140466 reported by Wouter Stomp
4
Affects Status Importance Assigned to Milestone
apturl (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: apturl

It should be clear for a user which repository a package is installed from and there should be a big warning somewhere if this is not from the official ubuntu repository.

e.g. when the following link is clicked
apt+http://myspywarearchive.com?package=acroread?dist=feisty?section=commercial
it looks the same to the user as when acroread is installed from the official repositories

Revision history for this message
Wouter Stomp (wouterstomp-deactivatedaccount) wrote :

You have to copy and paste the url to the location bar because launchpad doesn't link the whole url.

Revision history for this message
TerryG (tgalati4) wrote :

Thanks for the bug submission. Provided link is not working. The name of the server certainly looks suspicious. And doesn't appear to be up anymore--unknown host.

Valid repositories have a key signature. For ones that don't--you are taking your chances.

Marking Incomplete pending new link.

Changed in apturl:
status: New → Incomplete
Revision history for this message
Michael Vogt (mvo) wrote :

Thanks for your bugreport.

We do no longer support installing via apt+http:// because of the security concerns. apturl does currently only support installing from already known repositories.

Changed in apturl:
status: Incomplete → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.