[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: A Look In the Mirror: Attacks on Package Managers

Le dimanche 06 juin 2010 à 14:50 +0900, Ansgar Burchardt a écrit :
> The Release file in the repository has now a Valid-Until field that
> invalidates the repository after some time without updates. This can be
> used to detect a mirror provided outdated packages.
> I am not sure whether APT checks this or not. I hope it does.

It does. If you don’t re-run “apt-get update”, the signature will be
considered invalid.

 .''`.      Josselin Mouette
: :' :
`. `'  “If you behave this way because you are blackmailed by someone,
  `-    […] I will see what I can do for you.”  -- Jörg Schilling

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: