Package: apt Version: 0.9.7.9+deb7u5 apt interprets package names containing `-', `+' and `+' specially, even when they are supplied as simple command line arguments. These characters are, of course, literals in package names, which may occur anywhere other than at the start.
This is a problem because commands such as apt-get remove b.sh apt-get remove bonnie++ apt-get install bonnie+. ought to mean to operate on the specified literal package names, regardless of whether the named packages `exist' (i.e., are known to this instance of apt). Otherwise it is almost impossible for a program which calls apt to reliable `unparse' the command line: that is, to convert an intended operation into a command line which instructs apt to always execute the specified operation. In some circumstances this could be a security problem. Unfortunately this syntax is probably baked-in in some callers, so we will have to have a transition plan. At the very least, apt should currently warn whenever an ambiguous string is interpreted other than as a literal package name. I am thinking of submitting a patch which allows ambiguous package name specifications to be handled in one of three specified ways, according to the configuration: - always treat as literal - always treat as literal, with warning if behaviour changed - current behaviour, with warning if behaviour could change Would such a patch be welcome ? We can then have a conversation about what the default should be. I would like to press ahead with this regardless of agreement on replacement metasyntax. Ian. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
