[Bug 1013681] Re: make apt-key net-update secure
Brian Murray
brian at ubuntu.com
Wed Sep 12 17:40:24 UTC 2012
>From #ubuntu-meeting on 2012-09-12:
08:43 < mvo> cjwatson: it will require a server side change
08:43 < mvo> cjwatson: if you guys are happy with the new proposed schema we can
upload (once the server side is updated)
08:43 < mvo> but I (much) agree we should not rush this :) it caused enough pain
already :/
08:45 < cjwatson> Of course I can't help with the server side change at the moment
because we don't have our sudo access back yet on pepo
08:45 < cjwatson> You'll probably have to ask webops
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1013681
Title:
make apt-key net-update secure
Status in “apt” package in Ubuntu:
Triaged
Status in “apt” source package in Quantal:
Triaged
Bug description:
Attacks are being performed against the 'apt-key net-update' command
and it is not considered secure. While it is in the process of being
disabled in Ubuntu, it should be improved to be secure.
References:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/857472
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013639
http://seclists.org/fulldisclosure/2011/Sep/222
http://seclists.org/fulldisclosure/2012/Jun/267
http://seclists.org/fulldisclosure/2012/Jun/271
http://seclists.org/fulldisclosure/2012/Jun/289
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013681/+subscriptions
More information about the foundations-bugs
mailing list