[MIR] qapt
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
qapt (Ubuntu) |
Fix Released
|
Critical
|
Unassigned |
Bug Description
Rationale: Fulfills the "Kill install-package" portion of the Kubuntu Lucid Development spec[1] that was postponed due to KPackageKit limitations. QApt builds a qapt-batch utility that is a drop-in replacement for install-package, and features important security improvements such as providing warnings for attempts to install untrusted packages. In addition, it supports debconf and media changing where install-package did not.
QApt may require a security review. It uses Polkit-1 for performing privileged tasks, such as checking for updates, committing changes, and updating the apt-xapian index. All privileged functions do require authentication, but the worker (obviously) runs as root. The worker code can be found in src/worker, relative to the top level directory of the qapt tarball.
I have checked over the MIR requirements carefully, and see no violations. All current build failures on ports architecture appear to be due to archive skew.
Changed in qapt (Ubuntu): | |
importance: | Undecided → Wishlist |
Changed in qapt (Ubuntu): | |
importance: | Wishlist → Critical |
milestone: | none → natty-alpha-2 |
tags: | added: kubuntu |
Changed in qapt (Ubuntu): | |
assignee: | Kees Cook (kees) → nobody |
pre-promoted to main