On Sat, Aug 21, 2021 at 09:45:54AM +0200, Tomas Pospisek wrote: > On 21.08.21 09:14, Philipp Kern wrote: > > defense in depth if we wanted to, but maybe the world just agreed that > > you need to get your clock roughly correct. ;-) > > I remember seeing apt-get refusing to update packages or the index because > of them "having timestamps in the future" or in other words system time > being out of sync in direction of the past. APT requires the time to be more or less correct since ever¹ by virtue of e.g. gpg keys (or signatures) expiring and expired keys are bad. In recent years we became more reliant on the time to ensure repositories are somewhat current refusing repos from too long in the past as well as from the future. At least these can be worked around with -o Acquire::Check-Date=false. For gpg you will need another workaround I can't remember of the top of my hat. There are likely more problems as it is easier to just set the clock approximately correct than to remember all the workarounds in "the time of need"… Best regards David Kalnischkies ¹ okay, ~15 years of apt-secure are not exactly ever, but close enough.
Attachment:
signature.asc
Description: PGP signature