* Eugene V. Lyubimkin:

>> If it uses the real-time clock, it doesn't fix the issue because our
>> users typically haven't got a secure time source.

> Yes, it does. I doubt that apt has something else that can be
> treated as more secure (time?) source.

At the very least, apt could check that the signature (or the
Valid-Until field) does not go back in time.  However, this has
serious potential for shooting us in our collective feet (think what
happens if we accidentally publish something Valid-Until 2038), so I'm
not sure if it's acceptable.
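
The check suggested above, and the failure mode it warns about, as an added example that is not part of the original message and is not apt's code: it compares the Date and Valid-Until fields of a Release file against the last accepted values without consulting the clock. The function names and the sample Release texts are constructed for illustration, and Date is assumed to stand in for the signature time.

```python
# Added illustration, not apt's implementation. Date and Valid-Until are
# Release file fields; every function name and sample value is constructed.
from email.utils import parsedate_to_datetime

def parse_release(text):
    """Return the Date and Valid-Until fields of a Release file as datetimes."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key in ("Date", "Valid-Until"):
            fields[key] = parsedate_to_datetime(value.strip())
    return fields

def check_monotonic(previous, candidate):
    """Reject a candidate whose timestamps precede the last accepted ones.

    No wall clock is read: only previously verified metadata is trusted.
    """
    for key in ("Date", "Valid-Until"):
        old, new = previous.get(key), candidate.get(key)
        if old is None:
            continue  # nothing recorded yet for this field
        if new is None:
            return False, f"{key} missing but was present before"
        if new < old:
            return False, f"{key} went back in time ({new} < {old})"
    return True, "ok"

def update(state, release_text):
    """Record release_text in state if it passes the monotonic check."""
    candidate = parse_release(release_text)
    ok, reason = check_monotonic(state, candidate)
    if ok:
        state.update(candidate)
    return ok, reason

def sample(date, valid_until):
    """Build a constructed Release header (not real archive data)."""
    return f"Suite: example\nDate: {date}\nValid-Until: {valid_until}\n"

RELEASE_OLD = sample("Sat, 02 Aug 2008 10:00:00 UTC", "Sat, 09 Aug 2008 10:00:00 UTC")
RELEASE_NEW = sample("Sun, 03 Aug 2008 10:00:00 UTC", "Sun, 10 Aug 2008 10:00:00 UTC")
# The accident from the message: a Valid-Until far in the future gets published.
RELEASE_OOPS = sample("Mon, 04 Aug 2008 10:00:00 UTC", "Mon, 18 Jan 2038 10:00:00 UTC")
RELEASE_FIXED = sample("Tue, 05 Aug 2008 10:00:00 UTC", "Tue, 12 Aug 2008 10:00:00 UTC")
```

Feeding the four samples to `update` in order shows both sides: a replay of `RELEASE_OLD` is refused, but once `RELEASE_OOPS` has been accepted, the corrected `RELEASE_FIXED` is refused as well until 2038.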


