make apt-key net-update secure
Bug #1013681 reported by
Jamie Strandboge
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apt (Debian) |
New
|
Unknown
|
|||
apt (Ubuntu) |
Triaged
|
High
|
Michael Vogt |
Bug Description
Attacks are being performed against the 'apt-key net-update' command and it is not considered secure. While it is in the process of being disabled in Ubuntu, it should be improved to be secure.
References:
https:/
https:/
https:/
http://
http://
http://
http://
Related branches
visibility: | private → public |
Changed in apt (Ubuntu): | |
assignee: | nobody → Michael Vogt (mvo) |
importance: | Undecided → High |
status: | New → Triaged |
tags: | added: rls-q-incoming |
Changed in apt (Ubuntu): | |
assignee: | Michael Vogt (mvo) → nobody |
summary: |
- make net-update secure + make apt-key net-update secure |
tags: | removed: rls-q-incoming |
Changed in apt (Debian): | |
status: | Unknown → New |
Changed in apt (Ubuntu Quantal): | |
status: | Triaged → Won't Fix |
no longer affects: | apt (Ubuntu Quantal) |
Changed in apt (Ubuntu): | |
milestone: | quantal-updates → none |
To post a comment you must log in.
Here is a alternative approach for the net-update: /bugs.launchpad .net/ubuntu/ +source/ apt/+bug/ 857472/ comments/ 2
https:/