Bug#499897: preventing replay attacks against the security archive

To: "Peter Palfrader" <weasel@debian.org>
Cc: "Philipp Kern" <pkern@debian.org>, "Joerg Jaspert" <joerg@debian.org>, 499897@bugs.debian.org, team@security.debian.org
Subject: Bug#499897: preventing replay attacks against the security archive
From: "Thijs Kinkhorst" <thijs@debian.org>
Date: Wed, 8 Oct 2008 16:02:01 +0200 (CEST)
Message-id: <[🔎] 5424e003e946d9d52abb5aaaf485cd6f.squirrel@wm.kinkhorst.nl>
Reply-to: "Thijs Kinkhorst" <thijs@debian.org>, 499897@bugs.debian.org
In-reply-to: <20080925213150.GF15136@anguilla.noreply.org>
References: <200809240804.34689.thijs@debian.org> <87y71gqpri.fsf@delenn.ganneff.de> <20080925164820.GA20313@durotan.0x539.de> <200809252212.31938.thijs@debian.org> <20080925213150.GF15136@anguilla.noreply.org>

On Thu, September 25, 2008 23:31, Peter Palfrader wrote:
> On Thu, 25 Sep 2008, Thijs Kinkhorst wrote:
>
>
>> - have it expire in a period long enough so a new point release will
>> have happened in the meantime, say half a year.
>
> Probably still not acceptable for CD-Roms.

I don't think that should be a problem - I don't believe CD-Roms are the
target of this feature. APT already handles CD-Roms differently so it
could exclude them from this check.

Thijs

Reply to:

Prev by Date: Re: my experimental branch, proposing merge
Next by Date: Re: my experimental branch, proposing merge
Previous by thread: Bug#501480: others have suffered
Next by thread: Bug#344181: marked as done (apt: [libapt-pkg] compiler warning with G++ 3.4.3 on Solaris 2.11)
Index(es):
- Date
- Thread