On Mon, Apr 06, 2009 at 02:12:26AM +0200, Peter Palfrader wrote:
> On Tue, 05 Aug 2008, Thijs Kinkhorst wrote:
>
> > On Tuesday 5 August 2008 20:24, martin f krafft wrote:
> > > Sure, we wouldn't want to endanger our release schedule for feature
> > > enhancements or Debian's reputation. ;|
> >
>
On Tue, 05 Aug 2008, Thijs Kinkhorst wrote:
> On Tuesday 5 August 2008 20:24, martin f krafft wrote:
> > Sure, we wouldn't want to endanger our release schedule for feature
> > enhancements or Debian's reputation. ;|
>
> Or put differently, I'd rather spend our time on things that more
> signifi
On Tuesday 5 August 2008 20:24, martin f krafft wrote:
> Sure, we wouldn't want to endanger our release schedule for feature
> enhancements or Debian's reputation. ;|
Or put differently, I'd rather spend our time on things that more
significantly improve the security a of Debian system, and to be
also sprach Thijs Kinkhorst <[EMAIL PROTECTED]> [2008.08.05.1508 -0300]:
> I propose to put this bug at severity "important" which for me
> strikes the right balance between being 'very desirable to fix'
> and not being 'an actual, critical security hole'. OK?
Sure, we wouldn't want to endanger ou
On Tuesday 5 August 2008 16:23, martin f krafft wrote:
> also sprach Thijs Kinkhorst <[EMAIL PROTECTED]> [2008.08.05.0941 -0300]:
> > While it is desirable to implement key expiry, and I hope that the
> > APT team will do so, I do have doubts whether this sould be
> > critical for the release of De
also sprach Thijs Kinkhorst <[EMAIL PROTECTED]> [2008.08.05.0941 -0300]:
> While it is desirable to implement key expiry, and I hope that the
> APT team will do so, I do have doubts whether this sould be
> critical for the release of Debian Lenny. Can you provide
> a scenario that illustrates the c
Hi Martin,
Going through the security issues to fix before lenny, I came by this bug.
> > If I update from an archive whose key recently expired and I have
> > not yet updated the local copy via apt-key -- the local keyring says
> > it's expired -- APT does not complain but just proceeds. I think
severity 433091 critical
# justification: security; incomplete trust model
tags 433091 security
found 433091 0.6.46.4-0.1
thanks
also sprach martin f krafft <[EMAIL PROTECTED]> [2007.07.14.1329 +0200]:
> If I update from an archive whose key recently expired and I have
> not yet updated the local
Package: apt
Version: 0.7.3
Severity: important
If I update from an archive whose key recently expired and I have
not yet updated the local copy via apt-key -- the local keyring says
it's expired -- APT does not complain but just proceeds. I think it
should *at least* warn.
-- System Information:
9 matches
Mail list logo
