Florian Weimer wrote:
> * Eugene V. Lyubimkin:
>
>> Should this be incorporated into apt in Lenny? It's not hard to
>> apply the patch from Thomas, but it doesn't address feature that apt
>> should not accept Release files without 'Valid-Until' entry after
>> seeing it once earlier.
>
> Does it use the real-time clock, or does it record Valid-Until
> regressions in some other way?
>
> If it uses the real-time clock, it doesn't fix the issue because our
> users typically haven't got a secure time source.

Yes, it does. I doubt that apt has something else that can be treated as
more secure (time?) source. Suggestions?

-- 
Eugene V. Lyubimkin aka JackYF, JID: jackyf.devel(maildog)gmail.com
Ukrainian C++ Developer, Debian APT contributor