[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: not getting compromised while applying apt-get upgrade for CVE-2016-1252



On Fri, Dec 16, 2016 at 4:33 AM, Patrick Schleizer wrote:

> Is it possible to disable InRelease processing by apt-get?

The answer from #debian-apt is that there is no setting for this.

Your options are:

Use an intercepting proxy that replies with 404 to InRelease files.

Do an apt update to download InRelease/Release/Release.gpg using apt
and then manually verify them with gpg before doing the upgrade.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


Reply to: