* Adam D. Barratt <a...@adam-barratt.org.uk>, 2014-06-23, 14:24:
* Christoph Anton Mitterer <cales...@scientia.net>, 2014-06-22, 04:34:
There are a few mechanisms to mitigate downgrade attacks within
the archive:
* Valid-Until fields in the Release files;
I still think the time spans are far too long here...
For the record, the validity periods currently are:
[...]
can someone please tell me against what I could report a bug (i.e.
politely ask for enhancement by making the time span much
smaller)?
My guesses would be:
"reportbug ftp.debian.org" for unstable and experimental;
"reportbug release.debian.org" for testing, (old)stable and their
(proposed-)updates;
team@security.d.o for the security.d.o archive;
debian-lts@lists.d.o for squeeze-lts.
Those are all dak configuration, so controlled by ftpmaster.
I don't doubt it. :-) What I doubt is that ftp-masters would be willing
to alter the configuration without blessing of the respective teams. But
I could be wrong, of course.
--
Jakub Wilk
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140623170043.gb6...@jwilk.net
