[MIR] qapt

Bug #609247 reported by Jonathan Thomas
Affects | Status | Importance | Assigned to | Milestone
qapt (Ubuntu) | Fix Released | Critical | Unassigned |

Bug Description

Rationale: Fulfills the "Kill install-package" portion of the Kubuntu Lucid Development spec[1] that was postponed due to KPackageKit limitations. QApt builds a qapt-batch utility that is a drop-in replacement for install-package, and features important security improvements such as providing warnings for attempts to install untrusted packages. In addition, it supports debconf and media changing where install-package did not.

QApt may require a security review. It uses Polkit-1 for performing privileged tasks, such as checking for updates, committing changes, and updating the apt-xapian index. All privileged functions do require authentication, but the worker (obviously) runs as root. The worker code can be found in src/worker, relative to the top level directory of the qapt tarball.

I have checked over the MIR requirements carefully, and see no violations. All current build failures on ports architectures appear to be due to archive skew.

Tags: kubuntu
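
Added example (not part of the original report and not QApt's code): a short audit of a polkit policy file that checks the property the description relies on, namely that every privileged action requires authentication. The policy below is constructed and its action ids are hypothetical; the allowed values are the ones polkit defines for implicit authorizations.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy; the action ids are hypothetical, not QApt's own.
SAMPLE_POLICY = """\
<policyconfig>
  <action id="org.example.worker.updatecache">
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
  </action>
  <action id="org.example.worker.commitchanges">
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
  <action id="org.example.worker.updatexapianindex">
    <defaults>
      <allow_active>auth_admn</allow_active>
    </defaults>
  </action>
</policyconfig>
"""

VALID = {"no", "yes", "auth_self", "auth_admin", "auth_self_keep", "auth_admin_keep"}
SCOPES = ("allow_any", "allow_inactive", "allow_active")

def audit_policy(xml_text):
    """Return (action_id, scope, value, problem) for each suspicious default."""
    findings = []
    for action in ET.fromstring(xml_text).iter("action"):
        action_id = action.get("id", "(missing id)")
        for scope in SCOPES:
            node = action.find(f"defaults/{scope}")
            if node is None:
                continue  # omitted scope: not flagged by this check
            value = (node.text or "").strip()
            if value == "yes":  # action is granted with no authentication
                findings.append((action_id, scope, value, "no authentication"))
            elif value not in VALID:  # typo or unsupported keyword
                findings.append((action_id, scope, value, "unknown value"))
    return findings

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY):
        print(*finding, sep="  ")
```

A clean policy yields an empty list; each finding points a reviewer at the action whose defaults need a closer look alongside the root-side checks in the worker.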
Jonathan Riddell (jr) wrote :

pre-promoted to main

Alexander Sack (asac) wrote :

riddell said in turn we can remove install-package from the archive.

Kees, do you want to take a look on the security review side of this? If you are happy or think you don't need to review, please assign back to me.

Changed in qapt (Ubuntu):
assignee: nobody → Kees Cook (kees)
Alexander Sack (asac) wrote :

poke for kees!

Changed in qapt (Ubuntu):
importance: Undecided → Wishlist
Jonathan Thomas (echidnaman) wrote :

Poke.

Jonathan Riddell (jr)
Changed in qapt (Ubuntu):
importance: Wishlist → Critical
milestone: none → natty-alpha-2
tags: added: kubuntu
Kees Cook (kees) wrote :

Nothing in the worker jumps out at me. polkit policy looks well-defined, and write operations are appropriately checked, etc. +1, sorry for the delay!

Changed in qapt (Ubuntu):
status: New → Fix Released
Kees Cook (kees)
Changed in qapt (Ubuntu):
assignee: Kees Cook (kees) → nobody