Bug#354406: ftp.debian.org: invalid Release.gpg of sarge (expired key)

2006-03-11 Thread Loïc Gomez
Hi guys, I really don't understand Debian's security policy... When I read your main security web page, http://security.debian.org I can't refrain from an urge to laugh "Debian takes security very seriously. Most security problems brought to our attention are corrected within 48 hours." Je

Bug#354406: ftp.debian.org: invalid Release.gpg of sarge (expired key)

2006-03-09 Thread Andrzej Adam Filip
What is the status of this (bug) report?
* officially accepted as bug/problem to fix
* officially ignored (classified as "random feature")
-- [pl2en Andrew] Andrzej Adam Filip : [EMAIL PROTECTED] : [EMAIL PROTECTED] http://anfi.homeunix.net/

Bug#354406: ftp.debian.org: invalid Release.gpg of sarge (expired, key)

2006-03-06 Thread Gaëtan Duchaussois
Hi, You've spent more time to read and reply to the mail than the time you would have spent if you had fixed it, so JUST FIX IT. Julien gave you the quick fix, it's simple and easy, Debian stable is for prod servers so valid gnupg signatures are MANDATORY. Gaëtan Duchaussois, feeling angry -- sign

Bug#354406: ftp.debian.org: invalid Release.gpg of sarge (expired, key)

2006-03-05 Thread Xavier Magnier
Julien is right. Why look for a solution to bypass security systems ffs? The only valuable solution is to re-sign as Julien had explained. Very very strange for Debian. I can't believe this bug report. So next, chmod -R 777 / ? It's the party of the underpants... Have a nice week-end anyway Xa

Bug#354406: ftp.debian.org: invalid Release.gpg of sarge (expired, key)

2006-03-04 Thread Andrzej Adam Filip
Julien's concern about the bug making apt-check-sigs unusable in Sarge can be addressed by patching the script. It can be modified to (optionally) accept a valid signature by an expired key. Handling of the new command line option would require accepting VALIDSIG in addition to GOODSIG and treating SIGEX

Bug#354406: ftp.debian.org: invalid Release.gpg of sarge (expired key)

2006-03-04 Thread Julien Raeis
> That's your problem - sarge officially doesn't support it, etch and
> later only does...
So, let's follow your statement:
- Stable distribution is used on production servers, since production needs stability.
- So, we do use the official stable Debi

Bug#354406: ftp.debian.org: invalid Release.gpg of sarge (expired key)

2006-03-03 Thread Joerg Jaspert
On 10582 March 1977, Xavier Magnier wrote:
> The only point is that I can't risk any risk of compromise servers. So to my
> point of view apt is not usable anymore since the sigs are not valid.
That's your problem - sarge officially doesn't support it, etch and later only does...
-- bye Joerg w

Bug#354406: ftp.debian.org: invalid Release.gpg of sarge (expired key)

2006-03-03 Thread Xavier Magnier
On Friday 3 March 2006 22:24, Joerg Jaspert wrote:
> On 10582 March 1977, [EMAIL PROTECTED] wrote:
> > Yes but we can't wait anymore because apt is unusable
>
> Wrong. apt is not unusable. Some random extra tools may not work
> anymore, but that's a different story. apt, aptitude and all those t

Bug#354406: ftp.debian.org: invalid Release.gpg of sarge (expired key)

2006-03-03 Thread Joerg Jaspert
On 10582 March 1977, [EMAIL PROTECTED] wrote:
> Yes but we can't wait anymore because apt is unusable
Wrong. apt is not unusable. Some random extra tools may not work anymore, but that's a different story. apt, aptitude and all those things in sarge do not care about that, so yes, it can wait for

Bug#354406: ftp.debian.org: invalid Release.gpg of sarge (expired key)

2006-03-03 Thread magnier
> Thank you for your report. Yes, the signature is old, because Packages
> files and such for stable are only generated upon some release. So on
> the next point release, which shouldn't take too long anymore, the 2006
> key will be used.
Yes but we can't wait anymore because apt is unusable since

Bug#354406: ftp.debian.org: invalid Release.gpg of sarge (expired key)

2006-03-03 Thread Andrzej Adam Filip
Jeroen van Wolffelaar wrote:
> On Sun, Feb 26, 2006 at 01:55:53AM +0100, Andrzej Adam Filip wrote:
>
>>Gnupg key used to generate Release.gpg of sarge has expired at
>>2006-01-31. New Release.gpg should be generated using current gpg key.
>
> Thank you for your report. Yes, the signature is o

Bug#354406: ftp.debian.org: invalid Release.gpg of sarge (expired key)

2006-03-03 Thread Jeroen van Wolffelaar
On Sun, Feb 26, 2006 at 01:55:53AM +0100, Andrzej Adam Filip wrote:
> Gnupg key used to generate Release.gpg of sarge has expired at
> 2006-01-31. New Release.gpg should be generated using current gpg key.
Thank you for your report. Yes, the signature is old, because Packages files and such for s

Bug#354406: ftp.debian.org: invalid Release.gpg of sarge (expired key)

2006-02-25 Thread Andrzej Adam Filip
Package: ftp.debian.org
Severity: important
Gnupg key used to generate Release.gpg of sarge has expired at 2006-01-31. New Release.gpg should be generated using current gpg key.
Old key: 4F368D5D Debian Archive Automatic Signing Key (2005)
New key: 2D230C5F Debian Archive Automatic Signing Key (