Re: software outside Debian (Re: holes in secure apt)
On 2014-06-23 13:42, Jakub Wilk wrote:
* Christoph Anton Mitterer <email@example.com>, 2014-06-22, 04:34:
There are a few mechanisms to mitigate downgrade attacks within the
* Valid-Until fields in the Release files;
I still think the time spans are far too long here...
For the record, the validity periods currently are:
can someone please tell me against what I could report a bug (i.e.
politely ask for enhancement by making the time span much smaller)?
My guesses would be:
"reportbug ftp.debian.org" for unstable and experimental;
"reportbug release.debian.org" for testing, (old)stable and their
firstname.lastname@example.org for the security.d.o archive;
email@example.com for squeeze-lts.
Those are all dak configuration, so controlled by ftpmaster.