Hello David,
On Sun, 2017-08-20 at 17:51 +0200, David Kalnischkies wrote:
> On Fri, Aug 18, 2017 at 04:33:01PM +0530, Ritesh Raj Sarraf wrote:
> > Currently, our approach has a flaw. It completely misses to validate
> > the Packages files. Instead, just after verifying the Release file, it
Hi,
(Input from apt devs was requested on IRC, so here you go – please CC me
if there is something you think I could help with. Note that I am not an
apt-offline user nor do I know how it works; I have just read the
package description)
On Fri, Aug 18, 2017 at 04:33:01PM +0530, Ritesh Raj Sarraf
Control: tag -1 +confirmed
Control: severity -1 serious
Control: tag -1 -moreinfo
Thanks. I can reproduce the problem. We need to add validation for
contents mentioned in Release file. This would apply for the Packages
files etc.
Currently, our approach has a flaw. It completely misses to valida
Control: severity -1 normal
Control: tag -1 +moreinfo
Hello Stuart,
On Thu, 2017-08-10 at 23:17 +1000, Stuart Prescott wrote:
> apt-offline claims to do gpg validation of the contents of the zip file and
> claims that this is an important thing for it to do.
>
> --allow-unauthenticated
>
Package: apt-offline
Version: 1.7.2
Severity: serious
Tags: security
Dear Maintainer,
apt-offline claims to do gpg validation of the contents of the zip file and
claims that this is an important thing for it to do.
--allow-unauthenticated
Don't verify GPG signatures for the data t