Study: Attacks on package managers

Posted Jul 15, 2008 7:02 UTC (Tue) by MattPerry (guest, #46341)
In reply to: Study: Attacks on package managers by k8to
Parent article: Study: Attacks on package managers

> Sometimes, however, this error indicates a "problem" such as not
> bothering to run update for a few weeks and the key has expired.

Are the keys really being regenerated that quickly?  What is the reason for doing that rather
than keeping a key for a long time?

I wonder if that might have something to do with my problem.  I usually don't update my
servers unless I see a post on the security-announce lists indicating that there's an update
for a package that I use.  I can sometimes go for a month or two (or more) before running
apt-get update.  The Ubuntu system that I was attempting to upgrade today was last powered on
sometime in May.

> How will you identify a real security issue in the noise?

I agree.  Right now it seems like "the boy who cried wolf."


Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds