On Sun, Nov 23, 2008 at 11:24:14PM +0200, Eugene V. Lyubimkin wrote:
Joerg Jaspert wrote:
- have it expire in a period long enough so a new point release will
have happened in the meantime, say half a year.
Probably still not acceptable for CD-Roms.
I don't think that should be a problem
Quoting Eugene V. Lyubimkin ([EMAIL PROTECTED]):
doesn't allow seeing previous Release files while deciding accept or decline
just
downloaded one - apt ABI bump may be needed. And this is also another pain
for Christian,
we just done last (we hope) translation changes for apt.
Well,
* Eugene V. Lyubimkin:
Should this be incorporated into apt in Lenny? It's not hard to
apply the patch from Thomas, but it doesn't address feature that apt
should not accept Release files without 'Valid-Until' entry after
seeing it once earlier.
Does it use the real-time clock, or does it
Florian Weimer wrote:
* Eugene V. Lyubimkin:
Should this be incorporated into apt in Lenny? It's not hard to
apply the patch from Thomas, but it doesn't address feature that apt
should not accept Release files without 'Valid-Until' entry after
seeing it once earlier.
Does it use the
* Eugene V. Lyubimkin:
If it uses the real-time clock, it doesn't fix the issue because our
users typically haven't got a secure time source.
Yes, it does. I doubt that apt has something else that can be
treated as more secure (time?) source.
At the very least, apt could check that the
- have it expire in a period long enough so a new point release will
have happened in the meantime, say half a year.
Probably still not acceptable for CD-Roms.
I don't think that should be a problem - I don't believe CD-Roms are the
target of this feature. APT already handles CD-Roms
Joerg Jaspert wrote:
- have it expire in a period long enough so a new point release will
have happened in the meantime, say half a year.
Probably still not acceptable for CD-Roms.
I don't think that should be a problem - I don't believe CD-Roms are the
target of this feature. APT already
On Thu, September 25, 2008 23:31, Peter Palfrader wrote:
On Thu, 25 Sep 2008, Thijs Kinkhorst wrote:
- have it expire in a period long enough so a new point release will
have happened in the meantime, say half a year.
Probably still not acceptable for CD-Roms.
I don't think that should be
On Wed, Sep 24, 2008 at 01:01:54PM +0200, Joerg Jaspert wrote:
I think apt should accept Release files without this header. If it ever
sees such a header it should *no longer* accept new release files
without it. Ie. old file does not have it - new file doesnt need
it. Old file has it - new
I think apt should accept Release files without this header. If it ever
sees such a header it should *no longer* accept new release files
without it. Ie. old file does not have it - new file doesnt need
it. Old file has it - new file needs it.
This would break on people using the codenames
On Thu, Sep 25, 2008 at 04:11:29PM +0200, Joerg Jaspert wrote:
(It would be easy to regenerate it weekly, while having it expire after
30 or 60 days. Now, stable itself doesn't change so often, only for
point releases. And its also not security related, as those get in via
the security
On Thursday 25 September 2008 18:48, Philipp Kern wrote:
But releases do not expire. Thus a valid-until does not make sense
semantically, too, IMHO. Of course security must have it.
Security updates also do not expire, so the last remark is a non sequitur.
However, I think it does make sense
On Thu, 25 Sep 2008, Thijs Kinkhorst wrote:
- have it expire in a period long enough so a new point release will have
happened in the meantime, say half a year.
Probably still not acceptable for CD-Roms.
--
| .''`. ** Debian GNU/Linux **
Peter Palfrader
Hi Jörg,
Done. We now generate Release files having Valid-Until: headers. Same
format as the Date: one, just currently (for the main archive) 7 days in
future.
Thanks for implementing this. When is this file regenerated, daily?
Would be nice if apt could get this implemented soon[1] and
On 11518 March 1977, Thijs Kinkhorst wrote:
Done. We now generate Release files having Valid-Until: headers. Same
format as the Date: one, just currently (for the main archive) 7 days in
future.
Thanks for implementing this. When is this file regenerated, daily?
On klecker - not at all right
Package: ftp.debian.org, apt
Hi,
In RT#744[1] an attack was brought up wherein an adversary causes the
vicitim to use an outdated copy of the security mirror, thereby
preventing the victim from getting security updates.
The attack is not new, but Debian still has very little to offer for
On 11517 March 1977, Peter Palfrader wrote:
One proposed solution is to optionally add a Valid-Until field to
Release files on at least the security archive, tho it might make sense
for unstable etc also.
Should be easy for us (ftp.d.o) to do, I think i add something like this
soon.
--
On 11517 March 1977, Peter Palfrader wrote:
One proposed solution is to optionally add a Valid-Until field to
Release files on at least the security archive, tho it might make sense
for unstable etc also.
Should be easy for us (ftp.d.o) to do, I think i add something like this
soon.
also,
reassign 499897 apt
severity 499897 important
thanks
On 11517 March 1977, Joerg Jaspert wrote:
One proposed solution is to optionally add a Valid-Until field to
Release files on at least the security archive, tho it might make sense
for unstable etc also.
Should be easy for us (ftp.d.o) to
19 matches
Mail list logo
