Package: ftp.debian.org Tags: security X-Debbugs-CC: debian-release@lists.debian.org
Hi, Nowadays the Release files for the *stable releases do not have a Valid-Until field. >From a security POV, this could allow a replay attack to be performed on the main stable repositories, which could prevent a user from getting some security updates. Would it be possible to have such a valid-until field with a duration of, say, four months? Given the trend of doing point updates every few months, the date could be renewed only at point release time. Release team: would that be ok for you? Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
