apturl

feature request: apt-ppa uri protocol

Bug #581110 reported by Sergey Klimov
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
apturl
New
Wishlist
Unassigned

Bug Description

1. change this text at launchpad:
Adding this PPA to your system

You can update your system with unsupported packages from this untrusted PPA by adding ppa:sikon/liferea-libindicate to your system's Software Sources. (Read about installing)

to something like:
Adding this PPA to your system

You can update your system with unsupported packages from this untrusted PPA by adding <a href="apt-ppa:sikon/liferea-libindicate>ppa:sikon/liferea-libindicate</a> to your system's Software Sources. (Read about installing)

2. write simple frontend for add-apt-repository, that shows information about ppa in command line argument, and ask user: "Do you want to add this untrusted PPA to your system?"
3. Add simple frontend as default handler for apt-ppa: protocol
4. profit!

Tags: ppa
Curtis Hovey (sinzui)
affects: launchpad → soyuz
Julian Edwards (julian-edwards)
affects: soyuz → apturl
tags: added: ppa
Revision history for this message
Alexander Sack (asac) wrote :

we already had that feature in apturl for quite a while ... however, it is kept disabled because of potential security implications.

Michael Vogt (mvo)
Changed in apturl:
importance: Undecided → Wishlist
Revision history for this message
OC (olivier-c) wrote :

I agree that this is a risky proposal. I am not sure that most users realize the meaning of password prompts in Ubuntu, and/or would fully comprehend the meaning of "untrusted PPA", in terms of local security.

Revision history for this message
Julien Nicoulaud (nicoulaj) wrote :

May be adding an intermediate confirmation dialog could be OK ?
The confirmation dialog could list the packages in the PPA that override the ones of the current system, for example if the PPA contains a patched "nautlilus"...

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.