Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Default /etc/aptly-cli.conf is not secure #156

Open
likema opened this issue May 14, 2019 · 3 comments
Open

Default /etc/aptly-cli.conf is not secure #156

likema opened this issue May 14, 2019 · 3 comments

Comments

@likema
Copy link

likema commented May 14, 2019

It would leak password.

I suggest that aptly-cli tries to load:

  1. ~/.config/aptly-cli/aptly-cli.conf
  2. /etc/apt-cli/aptly-cli.conf
@sepulworld
Copy link
Owner

Thanks for feedback @likema. How would it be insecure exactly? File system permissions should protect access to the config file. So, depending on what user is running aptly-cli it would determine if the process can access /etc/aptly-cli.conf or not.

@sepulworld
Copy link
Owner

I see what you mean now. We should offer a tiered approach similar to the Unix philosophy on configuration files. http://www.faqs.org/docs/artu/ch10s02.html

Ill look into adding a multi level approach. Or if you want to try something out and submit a PR, that would be great too.

@likema
Copy link
Author

likema commented May 23, 2019

Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sepulworld @likema