Re: Problem at https://packages.debian.org/buster/timeshift
On Wed, Feb 26, 2020 at 9:29 AM Richard Owlett wrote:
> I followed the link. And, needing more information, I clicked on
> "Homepage [teejeetech.blogspot.in]" and received the message:
> > You're about to be redirected
> >
> > The blog that used to be here is now at http://www.teejeetech.in/.
> >
> > Do you wish to be redirected?
>
> Is this a bug or some sort of "man-in-the-middle attack"?
> How can I safely tell the difference?
> If it is, how/where do I report it? I've never filed a bug report.
It looks like the timeshift author used to host their blog on Google
Blogspot, but later moved it to an external domain. There is no attack
because it happens even when you connect over https. Please report a
bug against timeshift asking for the Homepage to be updated to the URL
below, which seems to be the correct location.
https://www.debian.org/Bugs/Reporting
https://teejeetech.in/timeshift/
While you are at it, please also file a bug or patch against the DUCK
tool so that this strange form of redirect gets automatically detected
and reported. Probably just detecting the phrase "used to be here"
should be enough. IIRC duck already has a list of "redirect" phrases,
so you could just patch the list to add that.
http://duck.debian.net/
https://packages.debian.org/sid/duck
--
bye,
pabs
https://wiki.debian.org/PaulWise
Reply to: