Re: Salsa update: no more "-guest" and more

To: debian-devel@lists.debian.org
Subject: Re: Salsa update: no more "-guest" and more
From: Tomas Pospisek <tpo2@sourcepole.ch>
Date: Thu, 30 Apr 2020 20:56:26 +0200
Message-id: <[🔎] c0e9aa86-cb4c-a28d-af65-4fbefe7c0f7a@sourcepole.ch>
In-reply-to: <[🔎] 76272f9a-c735-1577-6801-94ed2ea42fc8@bzed.de>
References: <20200418213339.GB32260@waldi.eu.org> <[🔎] 8555e1c9-2ae9-fc7e-8278-4e4e1bf1b0f1@bzed.de> <[🔎] 20200425164941.4nrgwu636mk564y5@shell.thinkmo.de> <[🔎] B4960B93-DB48-469A-A2A2-6E2D7383D219@bzed.de> <[🔎] 1aa1982f-e333-df39-121c-b7d0ceecaf3c@debian.org> <[🔎] 45946438-59a6-f2f3-98b0-3610c4982441@bzed.de> <[🔎] b8e504e4-5281-5833-750f-f613b26136b4@debian.org> <[🔎] f8de3cfd-6d0b-7806-6d86-7e492898374c@debian.org> <[🔎] d1112a8c-712b-d7f0-5b66-96fc57d26598@debian.org> <[🔎] 6cd09e8d-a16a-9132-6ba7-491074650415@debian.org> <[🔎] e0867d6d-d605-d6a4-2022-bb3a9fb58461@bzed.de> <[🔎] e8b300da-b737-8219-914c-2517976d9421@debian.org> <[🔎] 76272f9a-c735-1577-6801-94ed2ea42fc8@bzed.de>

On 30.04.20 01:15, Bernd Zeimetz wrote:
> 
> On 4/28/20 3:20 PM, Thomas Goirand wrote:
> 
>> That's not the case. An MITM attack could gain a session and maintain it
>> open, while the end user would just notice "oh shit, I miss-typed the
>> 2FA numbers, let's try again". Then the only thing the attacker needs to
>> do is keep the session open to not loose access...
> 
> I hope you realize that no session is open forever.

Just for giggles: [longest TCP
connection](https://ask.slashdot.org/comments.pl?sid=1462&cid=1673396)

Reply to:

References:
- Re: Salsa update: no more "-guest" and more
  - From: Bernd Zeimetz <bernd@bzed.de>
- Re: Salsa update: no more "-guest" and more
  - From: Bastian Blank <waldi@debian.org>
- Re: Salsa update: no more "-guest" and more
  - From: Bernd Zeimetz <bernd@bzed.de>
- Re: Salsa update: no more "-guest" and more
  - From: IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org>
- Re: Salsa update: no more "-guest" and more
  - From: Bernd Zeimetz <bernd@bzed.de>
- Re: Salsa update: no more "-guest" and more
  - From: Thomas Goirand <zigo@debian.org>
- Re: Salsa update: no more "-guest" and more
  - From: Paride Legovini <paride@debian.org>
- Re: Salsa update: no more "-guest" and more
  - From: Thomas Goirand <zigo@debian.org>
- Re: Salsa update: no more "-guest" and more
  - From: Paride Legovini <paride@debian.org>
- Re: Salsa update: no more "-guest" and more
  - From: Bernd Zeimetz <bernd@bzed.de>
- Re: Salsa update: no more "-guest" and more
  - From: Thomas Goirand <zigo@debian.org>
- Re: Salsa update: no more "-guest" and more
  - From: Bernd Zeimetz <bernd@bzed.de>

Prev by Date: Bug#959204: ITP: rootlesskit -- Linux-native "fake root" for rootless containers
Next by Date: Videoconference on Friday 2020-05-01 18:00 UTC (Was: For those who want to keep on contributing (Was: Debian @ COVID-19 Biohackathon (April 5-11, 2020)))
Previous by thread: Re: Salsa update: no more "-guest" and more
Next by thread: Re: Salsa update: no more "-guest" and more
Index(es):
- Date
- Thread