Opened 6 years ago

Closed 6 years ago

#9810 closed defect (fixed)

use Valid-Until field to prevent downgrade attacks for deb.torproject.org

Reported by: proper Owned by: weasel
Priority: Medium Milestone:
Component: Internal Services/Tor Sysadmin Team Version:
Severity: Keywords:
Cc: weasel Actual Points:
Parent ID: #1869 Points:
Reviewer: Sponsor:

Description

To prevent downgrade and stale mirror attacks against deb.torproject.org, please use the Valid-Until field.

Since you are using reprepro, you can add in your conf/distributions file

ValidFor: 2w

(Or ValidFor: 4w or 1m.) under every instance of "Label:" or so.

Child Tickets

Change History (2)

comment:1 Changed 6 years ago by proper

Parent ID: #1869

comment:2 Changed 6 years ago by weasel

Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.