Hello David,
On Sun, 2017-08-20 at 17:51 +0200, David Kalnischkies wrote:
> On Fri, Aug 18, 2017 at 04:33:01PM +0530, Ritesh Raj Sarraf wrote:
> > Currently, our approach has a flaw. It completely misses to
> > validate
> > the Packages files. Instead, just after verifying the Release file,
> >
Hi,
(Input from apt devs was requested on IRC, so here you go – please CC me
if there is something you think I could help with. Note that I am not an
apt-offline user nor do I know how it works; I have just read the
package description)
On Fri, Aug 18, 2017 at 04:33:01PM +0530, Ritesh Raj
Processing control commands:
> tag -1 +confirmed
Bug #871656 [apt-offline] apt-offline: Does not validate Packages or .deb files
in bundle
Added tag(s) confirmed.
> severity -1 serious
Bug #871656 [apt-offline] apt-offline: Does not validate Packages or .deb files
in bundle
Severity set to
Processing control commands:
> severity -1 normal
Bug #871656 [apt-offline] apt-offline: Does not validate Packages or .deb files
in bundle
Severity set to 'normal' from 'serious'
> tag -1 +moreinfo
Bug #871656 [apt-offline] apt-offline: Does not validate Packages or .deb files
in bundle
Added
Control: severity -1 normal
Control: tag -1 +moreinfo
Hello Stuart,
On Thu, 2017-08-10 at 23:17 +1000, Stuart Prescott wrote:
> apt-offline claims to do gpg validation of the contents of the zip
> file and
> claims that this is an important thing for it to do.
>
> --allow-unauthenticated
>
Package: apt-offline
Version: 1.7.2
Severity: serious
Tags: security
Dear Maintainer,
apt-offline claims to do gpg validation of the contents of the zip file and
claims that this is an important thing for it to do.
--allow-unauthenticated
Don't verify GPG signatures for the data
6 matches
Mail list logo
