Bug#796476: ftp.debian.org: valid-until for stable
Package: ftp.debian.org
Tags: security
X-Debbugs-CC: debian-release@lists.debian.org
Hi,
Nowadays the Release files for the *stable releases do not have a
Valid-Until field.
>From a security POV, this could allow a replay attack to be performed
on the main stable repositories, which could prevent a user from
getting some security updates.
Would it be possible to have such a valid-until field with a duration
of, say, four months?
Given the trend of doing point updates every few months, the date
could be renewed only at point release time.
Release team: would that be ok for you?
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
Reply to: