Ubuntu
apt package

Support for HTTPS is broken

Bug #1209292 reported by Pierre Carrier
18
This bug affects 3 people
Affects Status Importance Assigned to Milestone
apt (Ubuntu)
Fix Released
Undecided
Unassigned
Precise
Won't Fix
Undecided
Unassigned

Bug Description

As we improve the security of our artifacts pipeline, our APT repository was moved to HTTPS.

We started hitting a serious bug with apt's handling of package metadata.

The bug was already reported upstream:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705648

Revision history for this message
Pierre Carrier (pcarrier) wrote :

A fix for Precise would be much welcome.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apt (Ubuntu):
status: New → Confirmed
Revision history for this message
Dallam Oliver-Lee (doliverlee) wrote :

apt needs to turn on HTTPS for all repos by default. I have no problem for the Google repo being grabbed via HTTPS.

Revision history for this message
Dimitri John Ledkov (xnox) wrote :

Adjusting the bug status. Fix is released, at least in trusty and up. I believe precise is still affected.

Changed in apt (Ubuntu Precise):
status: New → Confirmed
Changed in apt (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
Steve Langasek (vorlon) wrote :

The Precise Pangolin has reached end of life, so this bug will not be fixed for that release

Changed in apt (Ubuntu Precise):
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.