Public bug reported:
Binary package hint: aptitude
I found it interesting to add the names of the repository (e.g. the Origin) and
the archive in the package view. I use the following configuration with the
"pattern" keyword.
aptitude::UI::Default-Grouping "task,status,pattern(~O~A=>\1 -
\2),section(subdir,passthrough),section(topdir)";
At first, I thought it would help spoofing attacks. My "fear" is that a
small, secondary repository could be hacked and if its GPG signature has
been added to APT then nothing prevents the pirate to seamlessly install
an "update" of an essential package with a trojan. But on second
thought, it seems that it is straightforward to spoof the name of a
repository.
So I guess this can only be flagged as WishList...
** Affects: aptitude (Ubuntu)
Importance: Undecided
Status: New
--
Having Aptitude group packages by Origin & Archive
https://bugs.launchpad.net/bugs/122249
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
