On 11518 March 1977, Thijs Kinkhorst wrote:

>> Done. We now generate Release files having "Valid-Until:" headers. Same
>> format as the Date: one, just currently (for the main archive) 7 days in
>> future.
> Thanks for implementing this. When is this file regenerated, daily?

On klecker - not at all right now. Need to sync klecker's code first. And
possibly rework klecker setup, it's insane atm with its filerights and stuff.
Both on my todo list for "soon" but requires work and coordination and foo. :)
Will happen definitely before Lenny.

Other than that - Release files are regenerated whenever something gets added
to the archive. I also will need to add a cronjob regenerating the release
files daily, if they get older than a day (or two). Just in case there are no
DSAs (or archive updates) for that time, so we don't run into all apts
complaining just because there was no archive update. :)

>> Would be nice if apt could get this implemented soon[1] and then the
>> release team asked how we could get this into lenny.
>> (If it's *only* this change, maybe lenny proper. If that doesn't work,
>> maybe r1? Or possibly really a DSA for it).
> I guess APT would need to reject Release files that do not contain any
> Valid-Until header (or you could still do the attack with the files we served
> until now). However, that could break a lot of private repositories and the
> software that runs them would need to be fixed as well. So I'm not sure if we
> manage to do all that in time for lenny. In case this indeed turns out to be
> a problem we may get away with it being an optional feature for lenny that
> can be turned on by a cautious administrator, and that will be default on for
> squeeze?

I think apt should accept Release files without this header. If it ever sees
such a header it should *no longer* accept new release files without it.
I.e. "old file does not have it - new file doesn't need it". "Old file has it -
new file needs it". Combined with a warning "Can't find Valid-until header in
Release file" that should suffice. It allows you to run an archive without that
header, but forbids you to lose it (unless you do manual action and remove old
files), which should prevent the mitm playing with it.
(Assuming you have an initial good contact with the net, but if you don't you
are dead anyways).

-- 
bye, Joerg
If the autobuilder tells me that my package failed to build from source, it's
probably doing that on some obscure architecture I don't have access to.
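The acceptance rule proposed in the message above ("old file has it - new file needs it"), sketched as an added example; this is not code from apt or from the thread. The function names, the sample Release files and the rejection of an expired file are assumptions, and the signature on the Release file is assumed to have been verified already.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def parse_release(text):
    """Collect the top-level 'Key: value' fields of a Release file."""
    fields = {}
    for line in text.splitlines():
        if not line or line[0].isspace():
            continue  # indented checksum entries are not needed for this check
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields

def check_release(new_text, old_text, now):
    """Return (accepted, message) for a newly fetched Release file.

    old_text is the last Release file accepted for this archive, or None on
    first contact. now must be a timezone-aware datetime.
    """
    new = parse_release(new_text)
    old = parse_release(old_text) if old_text is not None else {}
    if "valid-until" not in new:
        if "valid-until" in old:
            # The header was seen before, so a file without it may be a
            # stale copy served by a man in the middle.
            return False, "previous Release had Valid-Until, new one lacks it"
        return True, "warning: Can't find Valid-Until header in Release file"
    # Valid-Until uses the same format as Date.
    expires = parsedate_to_datetime(new["valid-until"])
    if now > expires:
        return False, "Release file expired on " + new["valid-until"]
    return True, "ok"

# Constructed sample Release files (not taken from any real archive).
WITH_HEADER = """Origin: Example
Suite: stable
Date: Sat, 07 Feb 2009 09:00:00 UTC
Valid-Until: Sat, 14 Feb 2009 09:00:00 UTC
SHA256:
 (checksum entries omitted)
"""
WITHOUT_HEADER = """Origin: Example
Suite: stable
Date: Sat, 31 Jan 2009 09:00:00 UTC
"""

if __name__ == "__main__":
    now = datetime(2009, 2, 10, tzinfo=timezone.utc)
    print(check_release(WITHOUT_HEADER, None, now))         # private repo, first contact
    print(check_release(WITHOUT_HEADER, WITH_HEADER, now))  # header was dropped
    print(check_release(WITH_HEADER, WITH_HEADER, now))     # still valid
```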