Re: Pre-approval for apt 0.7.21: "Valid-Until" feature and proxy changes

To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: "Eugene V. Lyubimkin" <jackyf.devel@gmail.com>, team@security.debian.org, Debian Release <debian-release@lists.debian.org>, APT Development Team <deity@lists.debian.org>, 499897@bugs.debian.org
Subject: Re: Pre-approval for apt 0.7.21: "Valid-Until" feature and proxy changes
From: Florian Weimer <fw@deneb.enyo.de>
Date: Thu, 15 Jan 2009 22:27:24 +0100
Message-id: <[🔎] 8763kgjm4j.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] 20090115210530.GA9432@galadriel.inutil.org> (Moritz Muehlenhoff's message of "Thu, 15 Jan 2009 22:05:31 +0100")
References: <[🔎] 49627ED6.2090605@gmail.com> <[🔎] 20090111173353.GQ10698@chistera.yi.org> <[🔎] 20090115210530.GA9432@galadriel.inutil.org>

* Moritz Muehlenhoff:

>> And there is also the option of including it in the first point release,
>> after a month or two of testing in unstable.
>
> Since the replay attack isn't exactly grave, it could just as well be added
> into 5.0.1 oder 5.0.2 once it has gotten some testing.

And if Valid-Until is only checked against the real-time clock, the
attacker can still feed bad data over NTP, so it's not even a complete
defense. 8-(

Reply to:

Follow-Ups:
- Re: Pre-approval for apt 0.7.21: "Valid-Until" feature and proxy changes
  - From: "Eugene V. Lyubimkin" <jackyf.devel@gmail.com>

References:
- Pre-approval for apt 0.7.21: "Valid-Until" feature and proxy changes
  - From: "Eugene V. Lyubimkin" <jackyf.devel@gmail.com>
- Re: Pre-approval for apt 0.7.21: "Valid-Until" feature and proxy changes
  - From: Adeodato Simó <dato@net.com.org.es>
- Re: Pre-approval for apt 0.7.21: "Valid-Until" feature and proxy changes
  - From: Moritz Muehlenhoff <jmm@inutil.org>

Prev by Date: Re: Pre-approval for apt 0.7.21: "Valid-Until" feature and proxy changes
Next by Date: Re: Pre-approval for apt 0.7.21: "Valid-Until" feature and proxy changes
Previous by thread: Re: Pre-approval for apt 0.7.21: "Valid-Until" feature and proxy changes
Next by thread: Re: Pre-approval for apt 0.7.21: "Valid-Until" feature and proxy changes
Index(es):
- Date
- Thread