> "patch"
That would certainly be useful.
But seriously, complaining over semi-broken captive portals? You need a
vacation.
Fixing an unknown number, but probably hundreds of thousands, broken routers
mostly operated by non-tech-savvy people is not going to happen in a timely
manner.
They will get replaced when they fail and the replacements will have a new set
of
bugs.
So where do we stand?
1. APT cannot recover from receiving broken files. This is *not* just the
result of
captive portals. Truncated files -- even zero-length files -- seem to
cause it
trouble too.
2. Anyone with a router can stop a user from getting security updates from then
on.
Just hand out an IP address and serve a broken file. Yes, that really is a
security
issue.
*You* need to stop blaming the messengers. The problem here is cutting corners
in
the design: putting that amount of trust on the network is not "best practices"
and
hasn't been for 3-4 decades.
I probably shouldn't write all this without being constructive myself,
so here goes:
Item 1 seems to be fixable with a basic syntax check on the file. If the check
fails,
toss the file and life goes on.
Item 2 is much trickier. A full fix probably requires signatures or strong
checksums, i.e.,
it cannot happen in APT alone, but APT could certainly issue a "HEAD" request
and
verify basic things like file length.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/756317
Title:
Captive portals may corrupt apt package lists
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/756317/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
