Re: Package management unsafe?
On Sat, 12 Jul 2008, Frank Lichtenheld wrote:
> On Fri, Jul 11, 2008 at 11:48:03AM -0400, Michael Casadevall wrote:
> > Maybe a check should be added to APT to flag a warning if there have been no
> > updates for a significant period of time? That way if a mirror ever does
> > that, it's more detectable.
> That really doesn't make any sense for stable users since our point
> releases aren't exactly weekly ;)
It wouldn't be a huge deal to re-sign the package list every n days
and warn if the package list was signed more than n+r days ago. [This
would even be useful to handle properly mirrors which are just out of
date even without nefarious behavior.]
Quite the contrary; they *love* collateral damage. If they can make
you miserable enough, maybe you'll stop using email entirely. Once
enough people do that, then there'll be no legitimate reason left for
anyone to run an SMTP server, and the spam problem will be solved.
-- Craig Dickson in <20020909231134.GA18917@linux700.localnet>
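
The age check proposed in the message above, as an added example (not part of the original thread and not APT's code). It assumes the package list has already passed signature verification and carries an RFC 2822 `Date:` field; the function names, the sample text and the clock-skew allowance are hypothetical.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample of a signed package-list header (not real archive data).
SAMPLE_RELEASE = """Origin: Example
Suite: stable
Date: Sat, 12 Jul 2008 10:00:00 UTC
"""


def signed_date(release_text):
    """Return the Date field as an aware datetime, or None if absent/unparseable."""
    for line in release_text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "date":
            try:
                dt = parsedate_to_datetime(value.strip())
            except (TypeError, ValueError):
                return None
            if dt.tzinfo is None:
                dt = dt.replace(tzinfo=timezone.utc)  # assumption: naive means UTC
            return dt
    return None


def check_freshness(release_text, now, n_days, r_days, skew=timedelta(minutes=10)):
    """Classify a verified package list signed every n days with r days of slack.

    Only meaningful on data whose signature was checked first: an unsigned
    Date field can be rewritten by whoever serves the file.
    """
    dt = signed_date(release_text)
    if dt is None:
        return "no-date"   # cannot prove freshness, treat as a warning
    if dt - now > skew:
        return "future"    # local clock wrong or list mis-dated
    if now - dt > timedelta(days=n_days + r_days):
        return "stale"     # mirror is out of date or serving an old list
    return "fresh"


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    print(check_freshness(SAMPLE_RELEASE, now, n_days=7, r_days=3))
```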