Bug#762889: apt-get should ignore cached data in case of invalid signature or hash mismatch

2014-09-25 Thread Evgeny Kapun
> We verify the data before moving it to the final directory. If it is
> there, it is either valid, or we have no key for it, or it is unsigned
> (the latter two will disappear / be disabled at some point I think).
>
> We had some issues where that validation succeeded where it should not
> (for e

Bug#762889: apt-get should ignore cached data in case of invalid signature or hash mismatch

2014-09-25 Thread Julian Andres Klode
Control: tags -1 - security

On Fri, Sep 26, 2014 at 1:59 AM, Evgeny Kapun wrote:
> Package: apt
> Version: 0.9.7.9+deb7u1
> Tags: security
>
> When running `apt-get update`, I noticed that it couldn't update some of the
> lists because of invalid signatures (BADSIG). This happens most frequently

Bug#762889: apt-get should ignore cached data in case of invalid signature or hash mismatch

2014-09-25 Thread Evgeny Kapun
Package: apt
Version: 0.9.7.9+deb7u1
Tags: security

When running `apt-get update`, I noticed that it couldn't update some of the lists because of invalid signatures (BADSIG). This happens most frequently when `Release` files don't correspond to `Release.gpg`. I thought that it might be some cac
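The behaviour the report asks for is "verify, then commit": an index file should only reach the list directory after its size and hash match the signed Release file, and a cached copy should stop being usable once the fresh download fails that check instead of being silently reused. The following is an added example written for this page, not code from the thread or from apt itself. It assumes a Release file with the usual `SHA256:` stanza of `hash size path` lines, uses a constructed Packages index and Release file, and stands in for the gpgv check of `Release.gpg` with a `release_verified` flag, since signature verification is out of scope here.

```python
"""Verify-then-commit handling of apt-style index files (added example).

Assumptions (not from the bug report): the Release file lists entries as
" <sha256> <size> <path>" under a "SHA256:" header; whether Release.gpg
verified is passed in as a boolean instead of calling gpgv.
"""
import hashlib
import re

# Constructed sample Packages index, not taken from any real archive.
GOOD_PACKAGES = (
    b"Package: hello\n"
    b"Version: 2.9-2\n"
    b"Architecture: amd64\n"
    b"Filename: pool/main/h/hello/hello_2.9-2_amd64.deb\n"
    b"\n"
)
PACKAGES_PATH = "main/binary-amd64/Packages"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed Release file that vouches for GOOD_PACKAGES. A real Release
# file also carries Origin/Date fields and MD5Sum/SHA1 sections.
RELEASE_TEXT = (
    "Suite: example\n"
    "Codename: example\n"
    "Architectures: amd64\n"
    "Components: main\n"
    "SHA256:\n"
    f" {sha256_hex(GOOD_PACKAGES)} {len(GOOD_PACKAGES)} {PACKAGES_PATH}\n"
)

_HASH_LINE = re.compile(r"^ ([0-9a-f]{64}) +(\d+) +(\S+)$")


def parse_release_sha256(text: str) -> dict[str, tuple[int, str]]:
    """Return {path: (size, sha256)} from the SHA256: stanza of a Release file."""
    entries: dict[str, tuple[int, str]] = {}
    in_section = False
    for line in text.splitlines():
        if not line.startswith(" "):
            # A non-indented line starts a new field; only SHA256: matters here.
            in_section = line.rstrip() == "SHA256:"
            continue
        if not in_section:
            continue
        m = _HASH_LINE.match(line)
        if m:
            entries[m.group(3)] = (int(m.group(2)), m.group(1))
    return entries


def verify_index(release: dict[str, tuple[int, str]], path: str, data: bytes) -> bool:
    """True only if Release lists `path` and both size and SHA256 match."""
    expected = release.get(path)
    if expected is None:
        return False  # nothing vouches for an unlisted file
    size, digest = expected
    return len(data) == size and sha256_hex(data) == digest


class ListCache:
    """Index files that passed verification, keyed by their archive path."""

    def __init__(self) -> None:
        self._lists: dict[str, bytes] = {}

    def update(self, release, path: str, fetched: bytes, release_verified: bool = True) -> str:
        # Bad Release signature (BADSIG) or hash mismatch: drop the download
        # AND the stale cached copy, so a later install cannot fall back to
        # data that is no longer vouched for by a good signature.
        if not release_verified or not verify_index(release, path, fetched):
            self._lists.pop(path, None)
            return "rejected"
        self._lists[path] = fetched  # only verified data is committed
        return "updated"

    def get(self, path: str):
        return self._lists.get(path)
```

Running `update()` twice, once with the matching index and once with an index whose bytes were altered, shows the point of the report: the second call not only refuses the new file but also removes the previously accepted one, so `get()` returns nothing rather than stale data.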