2021-02-02 15:29:15 |
Rolf Leggewie |
bug |
|
|
added bug |
2021-02-02 15:46:55 |
Rolf Leggewie |
description |
I was shocked to find out that a package in Ubuntu installs a sources.list snippet to point to a third-party repo. So far, I've always had to specifically enable any such third-party repo (Skype, etc.), so I was well aware of what was going on. That there is a package in universe allowed to sneak stuff in behind my back like that without at the very least a BIG FAT WARNING is untenable.
I have read https://lists.ubuntu.com/archives/technical-board/2014-April/001858.html and following BTW. I understood that to be about discussing the requirements to set up a separate, Ubuntu-sanctioned distribution channel supposedly for IP-related reasons. I'm fine with that. I'm absolutely not fine with a third-party repo being enabled automatically behind my back. |
I was shocked to find out that a package in Ubuntu installs a sources.list snippet to point to a third-party repo. So far, I've always had to specifically enable any such third-party repo (Skype, etc.), so I was well aware of what was going on. That there is a package in universe allowed to sneak stuff in behind my back like that without at the very least a BIG FAT WARNING is untenable.
I have read https://lists.ubuntu.com/archives/technical-board/2014-April/001858.html and following BTW. I understood that to be about discussing the requirements to set up a separate, Ubuntu-sanctioned distribution channel supposedly for IP-related reasons. I'm fine with that. I'm absolutely not fine with a third-party repo being enabled automatically behind my back.
$ cat /etc/apt/sources.list.d/ubuntukylin.list
deb http://archive.ubuntukylin.com:10006/ubuntukylin focal main
$ sudo dpkg -S /etc/apt/sources.list.d/ubuntukylin.list
ubuntukylin-default-settings: /etc/apt/sources.list.d/ubuntukylin.list
$ apt policy ubuntukylin-default-settings
ubuntukylin-default-settings:
Installed: 20.04.2
Candidate: 20.04.2
Version table:
*** 20.04.2 500
500 http://de.archive.ubuntu.com/ubuntu focal/universe amd64 Packages
500 http://de.archive.ubuntu.com/ubuntu focal/universe i386 Packages
100 /var/lib/dpkg/status |
|
2021-02-02 15:47:26 |
Rolf Leggewie |
description |
I was shocked to find out that a package in Ubuntu installs a sources.list snippet to point to a third-party repo. So far, I've always had to specifically enable any such third-party repo (Skype, etc.), so I was well aware of what was going on. That there is a package in universe allowed to sneak stuff in behind my back like that without at the very least a BIG FAT WARNING is untenable.
I have read https://lists.ubuntu.com/archives/technical-board/2014-April/001858.html and following BTW. I understood that to be about discussing the requirements to set up a separate, Ubuntu-sanctioned distribution channel supposedly for IP-related reasons. I'm fine with that. I'm absolutely not fine with a third-party repo being enabled automatically behind my back.
$ cat /etc/apt/sources.list.d/ubuntukylin.list
deb http://archive.ubuntukylin.com:10006/ubuntukylin focal main
$ sudo dpkg -S /etc/apt/sources.list.d/ubuntukylin.list
ubuntukylin-default-settings: /etc/apt/sources.list.d/ubuntukylin.list
$ apt policy ubuntukylin-default-settings
ubuntukylin-default-settings:
Installed: 20.04.2
Candidate: 20.04.2
Version table:
*** 20.04.2 500
500 http://de.archive.ubuntu.com/ubuntu focal/universe amd64 Packages
500 http://de.archive.ubuntu.com/ubuntu focal/universe i386 Packages
100 /var/lib/dpkg/status |
I was shocked to find out that a package in Ubuntu installs a sources.list snippet to point to a third-party repo. So far, I've always had to specifically enable any such third-party repo (Skype, etc.), so I was well aware of what was going on. That there is a package in universe allowed to sneak stuff in behind my back like that without at the very least a BIG FAT WARNING is untenable.
I have read https://lists.ubuntu.com/archives/technical-board/2014-April/001858.html and following BTW. I understood that to be about discussing the requirements to set up a separate, Ubuntu-sanctioned distribution channel supposedly for IP-related reasons. I'm fine with that. I'm absolutely not fine with a third-party repo being enabled automatically behind my back.
$ cat /etc/apt/sources.list.d/ubuntukylin.list
deb http://archive.ubuntukylin.com:10006/ubuntukylin focal main
$ sudo dpkg -S /etc/apt/sources.list.d/ubuntukylin.list
ubuntukylin-default-settings: /etc/apt/sources.list.d/ubuntukylin.list
$ apt policy ubuntukylin-default-settings
ubuntukylin-default-settings:
Installed: 20.04.2
Candidate: 20.04.2
Version table:
*** 20.04.2 500
500 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages
100 /var/lib/dpkg/status |
|
2021-02-02 16:30:25 |
Robie Basak |
bug |
|
|
added subscriber Robie Basak |
2021-02-02 18:36:40 |
Steve Langasek |
bug |
|
|
added subscriber Steve Langasek |