adept manager does not check the signature of the repository
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
adept (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: adept-manager
Hi there,
I have my own little repository on my main server on a LAN. I added this repository to /etc/apt/
This implies that the chain of trust is broken and it's possible to slip mailicous packages to the end-user without him ever noticing ... if he uses adept-manager.
Maybe I have missed something obvious, but this is a fresh install of Kubuntu gutsy, and I haven't noticed any option for disabling this check that I might have accidently activated.
Kind regards,
Lee Garrett
Hello,
has anyone been able to reproduce this bug? I think it is really important.
Kind regards,
Lee