On 2014-06-23 13:42, Jakub Wilk wrote:
* Christoph Anton Mitterer <calestyo@scientia.net>, 2014-06-22, 04:34:There are a few mechanisms to mitigate downgrade attacks within the archive:* Valid-Until fields in the Release files;I still think the time spans are far too long here...For the record, the validity periods currently are:
[...]
can someone please tell me against what I could report a bug (i.e. politely ask for enhancement by making the time span much smaller)?My guesses would be: "reportbug ftp.debian.org" for unstable and experimental; "reportbug release.debian.org" for testing, (old)stable and their (proposed-)updates; team@security.d.o for the security.d.o archive; debian-lts@lists.d.o for squeeze-lts.
Those are all dak configuration, so controlled by ftpmaster. Regards, Adam