Comment 7 for bug 139227

Of course, you can use sources.list.d, so for exactly the same reasons than apturl can be used by malicious people to add a repository to your computer, also gdebi can. I am happy to have gdebi, and should I ever need apturl functionality, I could just provide a deb with a single file, installed in /etc/apt/sources.list.d. This is what I mean.

There is no increased security in not providing apturl, since we have gdebi, and there is no decreased security in providing apturl, since we have gdebi. I want to point out that we need a coherent decision.