On Fri, May 7, 2010 at 3:17 PM, Denis A. Altoé Falqueto
<[email protected]> wrote:
> I was thinking about something like that, I would choose something
> like 5 or 7 days. This would give a window of attack of at most 7 days
> and would give enough time for the mirrors to sync. So, if some package
> has a known vulnerability, it would be exploitable by replay attack
> only for the last 7 days. After that, the repo.db would expire and the
> user would have to download a new one (say, if the mirror is
> compromised, it would be an indication of that). If the repository
> activity is really low, it would require a new repo.db being re-signed
> every 5 or 7 days.

Just one more note. GnuPG already embeds the current date and time in
the signature. So, counting on the correct time on the devs' machines,
we could rely on that to do the check.

-- 
A: Because it obfuscates the reading.
Q: Why is top posting so bad?

-------------------------------------------
Denis A. Altoe Falqueto
-------------------------------------------
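
The freshness check discussed in this message, as an added example that is not part of the original post or of pacman: it reads the signature creation time from the `VALIDSIG` line that `gpg --status-fd` emits and rejects a repo.db signature older than the 7-day window. The sample status lines, the fingerprint, the 5-minute skew tolerance and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=7)      # replay window proposed in the thread
MAX_SKEW = timedelta(minutes=5)  # assumption: tolerated clock skew

# Constructed status output; the fingerprint is a placeholder, not a real key.
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
SAMPLE_STATUS = (
    "[GNUPG:] GOODSIG 89ABCDEF01234567 Example Packager <packager@example.org>\n"
    f"[GNUPG:] VALIDSIG {FPR} 2010-05-07 1273256220 0 4 0 1 2 00 {FPR}\n"
)

def parse_sig_time(field):
    """GnuPG reports the timestamp as epoch seconds or as ISO 8601 (contains 'T')."""
    if "T" in field:
        parsed = datetime.strptime(field, "%Y%m%dT%H%M%S")
        return parsed.replace(tzinfo=timezone.utc)
    return datetime.fromtimestamp(int(field), tz=timezone.utc)

def signature_time(status_output):
    """Return the creation time from VALIDSIG, or None if nothing verified."""
    for line in status_output.splitlines():
        parts = line.split()
        # Layout: [GNUPG:] VALIDSIG <fpr> <date> <sig-timestamp> ...
        if len(parts) >= 5 and parts[:2] == ["[GNUPG:]", "VALIDSIG"]:
            return parse_sig_time(parts[4])
    return None

def check_freshness(status_output, now):
    """Decide whether a signed repo.db is recent enough to trust."""
    signed_at = signature_time(status_output)
    if signed_at is None:
        return "reject: no valid signature"
    if signed_at > now + MAX_SKEW:
        # A future date means a wrong clock on one side; do not trust it.
        return "reject: signature dated in the future"
    if now - signed_at > MAX_AGE:
        return "reject: repo.db expired, fetch a newly signed copy"
    return "accept"

if __name__ == "__main__":
    signed = signature_time(SAMPLE_STATUS)
    for days in (3, 8):
        print(days, "days later:", check_freshness(SAMPLE_STATUS, signed + timedelta(days=days)))
```

The check depends on the verifying machine's clock as much as on the signer's, so a client with a wrong clock will see either false expirations or an extended replay window.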
