make apt-key net-update secure
Bug #1013681 reported by
Jamie Strandboge
This bug affects 3 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| apt (Debian) |
New
|
Unknown
|
|||
| apt (Ubuntu) |
Triaged
|
High
|
Michael Vogt | ||
Bug Description
Attacks are being performed against the 'apt-key net-update' command and it is not considered secure. While it is in the process of being disabled in Ubuntu, it should be improved to be secure.
References:
https:/
https:/
https:/
http://
http://
http://
http://
Related branches
| visibility: | private → public |
| Changed in apt (Ubuntu): | |
| assignee: | nobody → Michael Vogt (mvo) |
| importance: | Undecided → High |
| status: | New → Triaged |
| tags: | added: rls-q-incoming |
| Changed in apt (Ubuntu): | |
| assignee: | Michael Vogt (mvo) → nobody |
| summary: |
- make net-update secure + make apt-key net-update secure |
| tags: | removed: rls-q-incoming |
| Changed in apt (Debian): | |
| status: | Unknown → New |
| Changed in apt (Ubuntu Quantal): | |
| status: | Triaged → Won't Fix |
| no longer affects: | apt (Ubuntu Quantal) |
| Changed in apt (Ubuntu): | |
| milestone: | quantal-updates → none |
To post a comment you must log in.

Here is a alternative approach for the net-update: /bugs.launchpad .net/ubuntu/ +source/ apt/+bug/ 857472/ comments/ 2
https:/