Project

General

Profile

Bug #15847

Audit our usage of apt/apt-get's --force-yes option

Added by intrigeri 11 months ago. Updated 11 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Start date:
08/26/2018
Due date:
% Done:

100%

Feature Branch:
Type of work:
Security Audit
Blueprint:
Starter:
Affected tool:

Description

"This option name doesn't sound very dangerous, but it makes APT assume
the “yes” answer to all questions, including the question about
installing packages that couldn't be authenticated…"

Both the build system and ASP might be impacted.


Related issues

Blocks Tails - Feature #15334: Core work 2018Q3: Foundations Team Resolved 02/20/2018

History

#1 Updated by intrigeri 11 months ago

#2 Updated by intrigeri 11 months ago

  • Description updated (diff)

#3 Updated by intrigeri 11 months ago

  • Status changed from Confirmed to Resolved
  • Assignee deleted (intrigeri)
  • % Done changed from 0 to 100
  • Private changed from Yes to No

False alarm, I was confusing this option with -y. I've checked tails.git, our submodules and our Puppet code: we don't use --force-yes at all.

Also available in: Atom PDF