Ubuntu
update-manager package

Software Updater requires installation of untrusted packages

Bug #1213353 reported by markling
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
update-manager (Ubuntu)
Triaged
Medium
Unassigned

Bug Description

Software updater tells me it requires installation of untrusted packages. It says, "This requires installing packages from untrusted sources."

But it does not tell me what packages are untrusted. It does not tell me what untrusted sources it is required to retrieve packages from. And it does not tell me why these packages and sources are untrusted. It neither offers any way of learning this information.

It also denies me any choice in the matter. The warning dialogue has two actions. One is <settings>, which is clearly useful for anyone who already knows the answers to the unanswered questions raised above. The other is <OK>, an invitation to go ahead and install the anonymous untrusted packages from the anonymous untrusted sources. There is no option to decline the installation of these packages.

Being a user of but little knowledge, it just so happens that the little knowledge I have tells me not to install anonymous untrusted packages from untrusted sources. It's the sort of thing parents tell their children nowadays after saying they shouldn't talk to strangers.

So I do the only thing I can, short of spending a week of nights and weeks more nights to learn what it is all about. (If only I had so much time). I close <X> the window and hope it goes away. But it has come back again. I think it might keep coming back. What if it's an important piece of software? What if my operating system fails because I won't let it install anonymous untrusted packages from untrusted sources? And what oh! of the tragic irony if I end up getting malicious anonymous untrusted packages from untrusted sources getting in through a breach in my security left by my refusal to install anonymous untrusted packages from untrusted sources?

ProblemType: Bug
DistroRelease: Ubuntu 13.04
Package: update-manager 1:0.186.1
ProcVersionSignature: Ubuntu 3.8.0-27.40-generic 3.8.13.4
Uname: Linux 3.8.0-27-generic x86_64
ApportVersion: 2.9.2-0ubuntu8.3
Architecture: amd64
Date: Sat Aug 17 12:18:55 2013
GsettingsChanges:
 b'com.ubuntu.update-manager' b'first-run' b'false'
 b'com.ubuntu.update-manager' b'launch-time' b'1376737045'
 b'com.ubuntu.update-manager' b'show-details' b'true'
 b'com.ubuntu.update-manager' b'window-height' b'468'
 b'com.ubuntu.update-manager' b'window-width' b'680'
InstallationDate: Installed on 2012-11-28 (261 days ago)
InstallationMedia: Xubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.1)
MarkForUpload: True
PackageArchitecture: all
SourcePackage: update-manager
UpgradeStatus: Upgraded to raring on 2013-05-14 (94 days ago)

Revision history for this message
markling (markling) wrote :
information type: Private Security → Public
Revision history for this message
markling (markling) wrote :
Revision history for this message
Seth Arnold (seth-arnold) wrote :

I agree that a user finding themselves in this situation would likely have very little idea of the best path forward; some guidance from the software would be nice to have.

Thanks

Changed in update-manager (Ubuntu):
status: New → Confirmed
Brian Murray (brian-murray)
Changed in update-manager (Ubuntu):
importance: Undecided → Medium
status: Confirmed → Triaged
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.