On Sun, Jun 05, 2005 at 10:29:33AM +0200, Eduard Bloch wrote:
> #include <hallo.h>
> * Paul Hampson [Sun, Jun 05 2005, 12:09:17PM]:
> > Package: apt-cacher
> > Version: 0.9.4
> > Severity: normal

> > My cron.daily outputs:

> > /etc/cron.daily/apt-cacher: Someone is cheating, bad filename found:
> > physics.muni.cz_~yeti_Ftp_enca_all_Packages.gz at
> > /usr/share/apt-cacher/apt-cacher-cleanup.pl line 86.

> > This means the rest of apt-cacher-cleanup doesn't run, since the error
> > is a 'die'.

> You can delete that line. Previous versions did not have any
> security/obscurity checks either.

OK, I'll do that.

> Unfortunately, there is AFAICS no good method to ensure that no user
> poisons the cache with bad .gz/.bz2 files (on the one hand) and not
> becoming too paranoid on the other hand (checking .gz files by checksums
> and signatures, the whole chain) without creating limitations for users.

You could punt to the apt-secure project. ^_^ I imagine those who consider
themselves at risk wouldn't trust anything less anyway, and I imagine that
apt-cacher is transparent to apt-secure's checking.

-- 
Paul "TBBle" Hampson, [EMAIL PROTECTED]
7th year CompSci/Asian Studies student, ANU

Shorter .sig for a more eco-friendly paperless office.
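
Added example, not part of the original message and not apt-cacher's or apt-secure's own code: the checksum step of the "whole chain" mentioned above, applied to a cached index file. It assumes the Release file's signature has already been verified and that it uses the SHA256 section of current Release files; the function names and sample data are constructed for illustration.

```python
import gzip
import hashlib


def parse_release_sha256(release_text):
    """Return {path: (sha256_hex, size)} from the SHA256 section of a Release file."""
    entries, in_section = {}, False
    for line in release_text.splitlines():
        if not line.startswith(" "):
            # A non-indented line starts a new field; only SHA256 is of interest.
            in_section = line.strip() == "SHA256:"
            continue
        if in_section:
            digest, size, path = line.split()
            entries[path] = (digest, int(size))
    return entries


def verify_cached_index(path, data, entries):
    """True only if the cached bytes match the size and digest listed for path."""
    if path not in entries:
        return False  # files the Release file does not list are never trusted
    digest, size = entries[path]
    return len(data) == size and hashlib.sha256(data).hexdigest() == digest


# Constructed sample data: a genuine index and one a cache user has replaced.
GOOD = gzip.compress(b"Package: enca\nVersion: 1.0\n")
POISONED = gzip.compress(b"Package: enca\nVersion: 9.9\n")

# Constructed Release file (assumed to be signature-checked before this point).
RELEASE = (
    "Origin: example\n"
    "Suite: all\n"
    "SHA256:\n"
    f" {hashlib.sha256(GOOD).hexdigest()} {len(GOOD)} Packages.gz\n"
)
ENTRIES = parse_release_sha256(RELEASE)

if __name__ == "__main__":
    for label, blob in (("good", GOOD), ("poisoned", POISONED)):
        print(label, verify_cached_index("Packages.gz", blob, ENTRIES))
```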
