
Re: Recreating history of a package



Hi!

On Sat, 2019-02-16 at 12:22:04 +0000, peter green wrote:
> 2. Snapshot.debian.org is only offered over plain insecure http. For
>    recent versions the packages can be verified against the
>    Packages/Sources files which can in turn be verified with gpg but
>    older versions are more problematic to verify as the relevant
>    packages/sources files are only signed with 1024 bit keys or not
>    signed at all. This is made worse by the fact that
>    snapshot.debian.org has an API to obtain the first snapshot a
>    package is available in but not any API to find the last snapshot
>    it was available in.

http://snapshot.debian.org/ is now offered over https too. Its front-page
even documents its usage as such. :)

Thanks,
Guillem
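
Added example, not part of the original message or of any Debian tool: the check the quoted text describes, verifying a downloaded package against its entry in a Packages index. It assumes the index itself has already been authenticated with gpg; the function names, the sample index and the package bytes are constructed for illustration.

```python
import hashlib

def parse_index(text):
    """Parse a Packages-style index (blank-line separated stanzas of
    'Field: value' lines) into a dict keyed by the Filename field."""
    entries = {}
    for stanza in text.strip().split("\n\n"):
        fields = {}
        for line in stanza.splitlines():
            if line[:1] in (" ", "\t"):      # continuation line, not needed here
                continue
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if "Filename" in fields:
            entries[fields["Filename"]] = fields
    return entries

def verify_package(index, filename, data):
    """Return (ok, reason). Fails closed: an entry without a SHA256
    field is treated as unverifiable rather than falling back to MD5."""
    entry = index.get(filename)
    if entry is None:
        return False, "not listed in index"
    if "SHA256" not in entry:
        return False, "index entry has no SHA256"
    size = entry.get("Size", "")
    if not size.isdigit() or int(size) != len(data):
        return False, "size mismatch"
    if hashlib.sha256(data).hexdigest() != entry["SHA256"].lower():
        return False, "SHA256 mismatch"
    return True, "ok"

# Constructed sample data (not a real package or a real index).
SAMPLE_NAME = "pool/main/h/hello/hello_1.0-1_all.deb"
SAMPLE_DATA = b"constructed package bytes"
LEGACY_NAME = "pool/main/l/legacy/legacy_0.1-1_all.deb"
SAMPLE_INDEX = (
    "Package: hello\n"
    f"Filename: {SAMPLE_NAME}\n"
    f"Size: {len(SAMPLE_DATA)}\n"
    f"SHA256: {hashlib.sha256(SAMPLE_DATA).hexdigest()}\n"
    "\n"
    "Package: legacy\n"
    f"Filename: {LEGACY_NAME}\n"
    "Size: 4\n"
    "MD5sum: 00000000000000000000000000000000\n"
)

if __name__ == "__main__":
    idx = parse_index(SAMPLE_INDEX)
    print(verify_package(idx, SAMPLE_NAME, SAMPLE_DATA))
    print(verify_package(idx, LEGACY_NAME, b"abcd"))
```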

