| 2011-02-10 16:57:35 |
Michael Vogt |
bug |
|
|
added bug |
| 2011-02-10 17:14:26 |
Curtis Hovey |
launchpad: status |
New |
Triaged |
|
| 2011-02-10 17:14:28 |
Curtis Hovey |
launchpad: importance |
Undecided |
Low |
|
| 2011-02-10 17:14:50 |
Curtis Hovey |
tags |
|
feature releases |
|
| 2011-02-10 22:08:16 |
William Grant |
tags |
feature releases |
feature soyuz-publish |
|
| 2011-07-01 11:14:41 |
Michael Vogt |
summary |
Please support InRelease files and Valid-Until in release files |
Please support Valid-Until in release files for security.ubuntu.com |
|
| 2011-07-01 11:16:21 |
Michael Vogt |
description |
Hi,
Debian has two new features for Release files that we should support as well:
InRelease
That is just the release file with a inline signature (e.g. http://security.debian.org/debian-security/dists/lenny/updates/InRelease)
One nice property is that Release and Release.gpg can no longer get out-of-sync
Valid-Until: header
This prevents "stale-proxy" attacks against our users. It means the Release file needs to get rewrite periodically even if there is nothing to publish. The client verifies after a update that it did the valid-until header is good (e.g. Valid-Until: Sat, 19 Feb 2011 21:32:12 UTC). Without that a attacker who controlls the network can just redirect traffic to a stale version of the archive and prevent the user from getting security updates. |
Debian and apt have a new feature that we should support as well:
Valid-Until: header
This prevents "stale-proxy" attacks against our users. It means the Release file needs to get rewrite periodically even if there is nothing to publish. The client verifies after a update that it did the valid-until header is good (e.g. Valid-Until: Sat, 19 Feb 2011 21:32:12 UTC). Without that a attacker who controlls the network can just redirect traffic to a stale version of the archive and prevent the user from getting security updates. |
|
| 2011-07-01 13:27:03 |
Steve Beattie |
bug |
|
|
added subscriber Ubuntu Security Team |
| 2011-07-01 13:58:03 |
Marc Deslauriers |
bug |
|
|
added subscriber Marc Deslauriers |
| 2012-03-04 22:42:10 |
Jan Claeys |
bug |
|
|
added subscriber Jan Claeys |
| 2013-03-23 16:34:04 |
Gaurav Juvekar |
bug task added |
|
linuxmint |
|
| 2013-06-23 11:28:33 |
Pavel Malyshev |
bug |
|
|
added subscriber Pavel Malyshev |
| 2013-06-23 13:08:19 |
papukaija |
bug |
|
|
added subscriber papukaija |
| 2014-08-18 11:03:40 |
Chris Smith |
bug |
|
|
added subscriber Chris Smith |
| 2015-03-09 15:21:58 |
James Troup |
bug |
|
|
added subscriber The Canonical Sysadmins |
| 2016-11-04 13:29:05 |
Vincent Ladeuil |
bug |
|
|
added subscriber Vincent Ladeuil |
| 2016-11-07 00:02:58 |
Haw Loeung |
bug |
|
|
added subscriber Haw Loeung |
| 2018-01-30 22:03:12 |
Julian Andres Klode |
launchpad: assignee |
|
Julian Andres Klode (juliank) |
|
| 2018-01-30 22:48:11 |
Julian Andres Klode |
launchpad: status |
Triaged |
In Progress |
|
| 2018-01-30 22:49:33 |
Simon Quigley |
bug |
|
|
added subscriber Simon Quigley |
| 2020-04-20 16:21:47 |
Julian Andres Klode |
launchpad: assignee |
Julian Andres Klode (juliank) |
|
|
| 2020-04-20 16:22:12 |
Julian Andres Klode |
launchpad: status |
In Progress |
Confirmed |
|
| 2022-10-06 00:19:36 |
Robie Basak |
bug |
|
|
added subscriber Robie Basak |
