On 15 October 2012 18:46, Michael Gilbert <mgilb...@debian.org> wrote: > On Sun, Oct 14, 2012 at 9:08 PM, Christoph Anton Mitterer wrote: >>> If so, please submit >>> bugs, and we will look at fixing them. Otherwise, speculation gets us >>> nowhere and actually wastes time. >> Well I had once a discussion (around March this year) here about >> blockin/downgrade attacks... which, AFAICS, both are possible in secure >> APT right now.... but there was no real outcome. >> Unforunately it seems that people do not take these higher-level attacks >> really serious.... even though the danger they impose is quite high. > > Are there bug reports with a clear description of the problem, > preferably with a proposed fix? Discussion doesn't really get us > anywhere. Useful info and actual efforts at fixing problems do. >
So far no bugs or problems were uncovered. So nothing to file or fix ;-) I can think of adding SHA-3 hashes... but none of the tools support it yet, so it's future wishlist bug, which I am sure will be acted upon at an appropriate time and doesn't need a bug filed at present time. Regards, Dmitrijs. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/canbhlugzqkk5li8k4xr67g25dlntedivrxlwxatguzosfap...@mail.gmail.com