5 years since bug initially reported... I had a look at the code and compared it with some real signed repositories and it looks to me that:
1) The directory structure should be deeper. It looks like there should be a real binary-i386 (or whatever) directory.

2) The make_release_file() function makes a stub release file (based on overall configuration), which is fine in the binary-i386 directories, but in the top level this should then be updated later on and never is.

3) That updating could be done with system("apt-ftparchive release . >> Release") from the top level directory.

4) That top level directory needs to be signed, if the repository is going to be trusted by apt-get/synaptic/etc.

5a) Ideally, to reduce the potential window for malicious versions being inserted and then signed, there should be a verification of the checksums in the previously-existing Packages file(s) before they are replaced by apt-ftparchive (only newly built packages should have changed)...

5b) Also, of course, the previously existing Packages files should have their checksums verified against the top level Release file, and the previously existing Release file should be verified against the signature.

David
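An added worked example of the checks in points 5a and 5b above, written for this page and not taken from David's report or from the package under discussion. It assumes the repository layout David describes (a top-level Release file covering main/binary-i386/Packages), uses constructed Packages/Release fixtures rather than real repository data, and shells out to gpgv for the signature check, which is shown but not exercised here. The preflight function is the hypothetical gate a rebuild script would call before letting apt-ftparchive overwrite the Packages and Release files.

```python
"""Pre-regeneration checks for an apt repository (steps 5a and 5b above).

5b: the existing Packages file must match the existing, signed top-level
    Release file (and that Release file must verify against its signature).
5a: between the old and new Packages files, only the packages that were
    just rebuilt may have changed; anything else is a sign of tampering.
"""
import hashlib
import re
import subprocess


def parse_release_checksums(release_text: str) -> dict:
    """Map path -> (sha256 hex, size) from the 'SHA256:' block of a Release file."""
    sums = {}
    in_sha256 = False
    for line in release_text.splitlines():
        if line and not line.startswith(" "):          # a new 'Field:' header
            in_sha256 = line.strip().lower() == "sha256:"
        elif in_sha256 and line.strip():               # ' <hash> <size> <path>'
            digest, size, path = line.split()
            sums[path] = (digest.lower(), int(size))
    return sums


def packages_file_matches_release(release_text: str, path: str, data: bytes) -> bool:
    """True if the on-disk Packages bytes match the Release entry for `path`."""
    entry = parse_release_checksums(release_text).get(path)
    if entry is None:
        return False                                   # Release does not cover this file
    digest, size = entry
    return len(data) == size and hashlib.sha256(data).hexdigest() == digest


def release_signature_ok(release_path: str, sig_path: str, keyring: str) -> bool:
    """Detached-signature check via gpgv (shown only; not run in this offline example)."""
    result = subprocess.run(["gpgv", "--keyring", keyring, sig_path, release_path],
                            capture_output=True)
    return result.returncode == 0


def parse_packages(data: bytes) -> dict:
    """Map package name -> (Filename, SHA256) for each stanza of a Packages file."""
    pkgs = {}
    for stanza in re.split(r"\n\s*\n", data.decode().strip()):
        fields = {}
        for line in stanza.splitlines():
            if not line.startswith(" ") and ":" in line:
                key, _, value = line.partition(":")
                fields[key.strip()] = value.strip()
        if "Package" in fields:
            pkgs[fields["Package"]] = (fields.get("Filename"), fields.get("SHA256"))
    return pkgs


def unexpected_changes(old_data: bytes, new_data: bytes, rebuilt) -> set:
    """Package names whose entry differs between old and new but were not just rebuilt."""
    old, new = parse_packages(old_data), parse_packages(new_data)
    changed = {name for name in set(old) | set(new) if old.get(name) != new.get(name)}
    return changed - set(rebuilt)


def preflight(old_release: str, packages_path: str, old_packages: bytes,
              new_packages: bytes, rebuilt) -> str:
    """Run 5b then 5a; return None if it is safe to regenerate Release, else the reason."""
    if not packages_file_matches_release(old_release, packages_path, old_packages):
        return "existing Packages file does not match the signed Release"
    extra = unexpected_changes(old_packages, new_packages, rebuilt)
    if extra:
        return "unexpected changes to: " + ", ".join(sorted(extra))
    return None


# --- constructed fixtures (not real repository data) ---
OLD_PACKAGES = b"""Package: foo
Version: 1.0-1
Architecture: i386
Filename: pool/main/f/foo/foo_1.0-1_i386.deb
SHA256: 1111111111111111111111111111111111111111111111111111111111111111

Package: bar
Version: 2.0-1
Architecture: i386
Filename: pool/main/b/bar/bar_2.0-1_i386.deb
SHA256: 2222222222222222222222222222222222222222222222222222222222222222
"""
# foo was rebuilt as 1.1-1; bar was left alone
NEW_PACKAGES_OK = OLD_PACKAGES.replace(b"1.0-1", b"1.1-1").replace(b"1" * 64, b"3" * 64)
# foo was rebuilt, but bar's .deb was also swapped out without a rebuild
NEW_PACKAGES_BAD = NEW_PACKAGES_OK.replace(b"2" * 64, b"4" * 64)

PACKAGES_PATH = "main/binary-i386/Packages"
# A top-level Release file in the form apt-ftparchive emits, carrying the fixture's digest.
OLD_RELEASE = f"""Origin: Example
Suite: stable
Architectures: i386
Components: main
SHA256:
 {hashlib.sha256(OLD_PACKAGES).hexdigest()} {len(OLD_PACKAGES)} {PACKAGES_PATH}
"""

if __name__ == "__main__":
    print(preflight(OLD_RELEASE, PACKAGES_PATH, OLD_PACKAGES, NEW_PACKAGES_OK, ["foo"]))
    print(preflight(OLD_RELEASE, PACKAGES_PATH, OLD_PACKAGES, NEW_PACKAGES_BAD, ["foo"]))
```

In a real rebuild script the order matters: run release_signature_ok on the old Release and its Release.gpg first, then preflight, and only then regenerate with apt-ftparchive (note that "apt-ftparchive release ." writes the complete file to stdout, so redirecting with ">" replaces the stub rather than appending to it) and sign the new Release. Comparing Filename and SHA256 per package, rather than the whole Packages file, is what lets the check tolerate the expected changes while still catching a silently replaced .deb.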