Hi,
Debian has two new features for Release files that we should support as well:
InRelease
That is just the release file with an inline signature (e.g. http://security.debian.org/debian-security/dists/lenny/updates/InRelease)
One nice property is that Release and Release.gpg can no longer get out-of-sync.
Valid-Until: header
This prevents "stale-proxy" attacks against our users. It means the Release file needs to get rewritten periodically even if there is nothing to publish. The client verifies after an update that the Valid-Until header is good (e.g. Valid-Until: Sat, 19 Feb 2011 21:32:12 UTC). Without that an attacker who controls the network can just redirect traffic to a stale version of the archive and prevent the user from getting security updates.
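
A sketch of the client-side Valid-Until check described in this report, as an added example that is not code from the report or from apt. It assumes the Release/InRelease signature has already been verified, since the header is only trustworthy inside signed content; the function names, the `require_header` switch and the sample file are constructed for illustration.

```python
from datetime import datetime, timezone

# Date layout of the example value in the report: "Sat, 19 Feb 2011 21:32:12 UTC"
DATE_FMT = "%a, %d %b %Y %H:%M:%S UTC"

def parse_fields(release_text):
    """Return the top-level 'Key: value' fields of a Release file as a dict."""
    fields = {}
    for line in release_text.splitlines():
        # Checksum entries are continuation lines starting with whitespace.
        if line and not line[0].isspace() and ":" in line:
            key, _, value = line.partition(":")
            fields[key.strip().lower()] = value.strip()
    return fields

def check_valid_until(release_text, now, require_header=True):
    """Classify a signature-verified Release file: ok, expired, missing, malformed."""
    value = parse_fields(release_text).get("valid-until")
    if value is None:
        # An old, validly signed Release published before the archive emitted
        # the header has no expiry at all, so a strict client rejects it.
        return "missing" if require_header else "ok"
    try:
        expiry = datetime.strptime(value, DATE_FMT).replace(tzinfo=timezone.utc)
    except ValueError:
        return "malformed"  # fail closed on an unparseable date
    return "ok" if now <= expiry else "expired"

# Constructed sample Release file (not taken from a real archive).
SAMPLE = """Origin: Example
Suite: example-security
Date: Sat, 12 Feb 2011 21:32:12 UTC
Valid-Until: Sat, 19 Feb 2011 21:32:12 UTC
MD5Sum:
 d41d8cd98f00b204e9800998ecf8427e 0 main/binary-amd64/Packages
"""

if __name__ == "__main__":
    fresh = datetime(2011, 2, 15, tzinfo=timezone.utc)
    replayed = datetime(2011, 3, 1, tzinfo=timezone.utc)
    print("during validity window:", check_valid_until(SAMPLE, fresh))
    print("stale copy served later:", check_valid_until(SAMPLE, replayed))
```

The check depends on the client's clock being roughly correct, so a client with a badly wrong clock will either reject fresh files or accept stale ones.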