On Fri, May 7, 2010 at 3:17 PM, Denis A. Altoé Falqueto <denisfalqueto@gmail.com> wrote:
I was thinking about something like that. I would choose something like 5 or 7 days. This would give a window of attack of at most 7 days and would give enough time to the mirrors to sync. So, if some package has a known vulnerability, it would be exploitable by replay attack only for the last 7 days. After that, the repo.db would expire and the user would have to download a new one (say, if the mirror is compromised, it would be an indication of that). If the repository activity is really low, it would require a new repo.db being resigned every 5 or 7 days.

Just one more note. GnuPG already embeds the current date and time in the signature. So, counting on the correct time on the devs' machines, we could rely on that to do the check.

--
A: Because it obfuscates the reading.
Q: Why is top posting so bad?

-------------------------------------------
Denis A. Altoe Falqueto
-------------------------------------------
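The freshness check proposed above, as an added illustration that is not part of this thread or of pacman: it reads the creation timestamp GnuPG embeds in the signature from the `VALIDSIG` status line (as emitted by `gpg --status-fd 1 --verify repo.db.sig repo.db`) and rejects a repo.db whose signature is older than the 7-day window. The 7-day window comes from the message; the 5-minute tolerance for signer/client clock skew, the field names and the sample status output are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

MAX_AGE_SECONDS = 7 * 24 * 3600   # replay window proposed in the thread: 7 days
FUTURE_SKEW_SECONDS = 5 * 60      # assumed tolerance for clock drift (not from the thread)

@dataclass
class SigInfo:
    fingerprint: str
    created: int   # Unix time of signature creation, embedded by GnuPG at signing time

def parse_validsig(status_output: str) -> Optional[SigInfo]:
    """Extract fingerprint and creation timestamp from gpg --status-fd output.

    VALIDSIG fields (GnuPG doc/DETAILS): fingerprint, creation date,
    creation timestamp, expiry timestamp, ... Returns None when no VALIDSIG
    line is present, i.e. gpg did not report a valid signature.
    """
    for line in status_output.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[0] == "[GNUPG:]" and parts[1] == "VALIDSIG":
            return SigInfo(fingerprint=parts[2], created=int(parts[4]))
    return None

def check_repo_db(status_output: str, now: int, max_age: int = MAX_AGE_SECONDS) -> Tuple[bool, str]:
    """Decide whether a signed repo.db may be used, returning (accepted, reason).

    A valid but old signature is rejected: it could be a replayed copy of a
    superseded repo.db served by a stale or hostile mirror. A timestamp far in
    the future points at a clock problem on the signer or the client.
    """
    sig = parse_validsig(status_output)
    if sig is None:
        return False, "no valid signature reported by gpg"
    if sig.created > now + FUTURE_SKEW_SECONDS:
        return False, "signature timestamp lies in the future; check clocks"
    age = now - sig.created
    if age > max_age:
        return False, "signature is %d days old; repo.db expired" % (age // 86400)
    return True, "fresh signature by " + sig.fingerprint

# Constructed sample status output; the fingerprint and timestamp are not real.
SIGNED_AT = 1273245420  # 2010-05-07 15:17 UTC
SAMPLE_STATUS = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer <signer@example.invalid>\n"
    "[GNUPG:] VALIDSIG 0000000000000000000000000123456789ABCDEF 2010-05-07 "
    "%d 0 4 0 1 2 00 0000000000000000000000000123456789ABCDEF\n" % SIGNED_AT
)
```

A database signed three days ago passes; the same file fetched eight days later, or one whose signature postdates the client's clock, is rejected even though gpg itself still reports the signature as valid.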