I tried enabling data checksumming, hoping it would work around the
problem.  No such luck; the archive is still silently corrupted.

This is probably a HUGE security problem for a publicly accessible
apt-cacher, as anyone could create a fake repository and overwrite new
packages with malicious packages of the same name, before they get
requested by legitimate clients.  (Sure, recent distros have apt
authentication, but the warnings are easy to ignore; sbuild for example
ignores them by default.)




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to