Launchpad itself

[Feature Request] Make PPAs available over HTTPs for apt-get

Bug #1676374 reported by jean-christophe manciot
This bug report is a duplicate of:  Bug #1473091: default PPAs to HTTPS. Edit Remove
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Launchpad itself
New
Undecided
Unassigned

Bug Description

Currently, only HTTP can be used to access the PPAs with apt-get.

For instance with graphics drivers PPA in /etc/apt/sources.list.d/graphics-drivers-ubuntu-ppa-yakkety.list:
deb https://ppa.launchpad.net/graphics-drivers/ppa/ubuntu yakkety main #Graphics Drivers PPA

leads to:

# apt-get update
...
Ign:4 https://ppa.launchpad.net/graphics-drivers/ppa/ubuntu yakkety InRelease
Ign:5 https://dl.google.com/linux/chrome/deb stable InRelease
Hit:6 https://apt.dockerproject.org/repo ubuntu-xenial InRelease
Err:7 https://ppa.launchpad.net/graphics-drivers/ppa/ubuntu yakkety Release
  404 Not Found
...

This feature should be considered compulsory.

Revision history for this message
William Grant (wgrant) wrote :

Note that this is just a privacy issue. apt authenticates PPAs by their OpenPGP signatures, not TLS, so there's no code execution risk.

information type: Private Security → Public
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.