Study: Attacks on package managers

Posted Jul 15, 2008 18:49 UTC (Tue) by nix (subscriber, #2304)
In reply to: Study: Attacks on package managers by nhippi
Parent article: Study: Attacks on package managers

`X' days doesn't work for any fixed value of X. A better check is to check that the package date is not much older than the last time you downloaded a set of updates which should have included that package (`much' introduced to allow time for the package to be uploaded, inter-mirror propagation delays, et al).

Downside: this means that after Debian's ftpmasters sit on a package for five hundred years they have to get it re-signed before putting it into the repo ;) and I'm not sure what implications it has for automatically-promoted repositories such as Debian testing: perhaps the Date header should be updated, and the signing repeated, by the (trusted) software with a silly name which does the promotion (I can't remember that name right now, it always drops out of my head). If attackers take *that* over, we're all dead anyway.

(sorry for the jab at ftpmasters gone, I couldn't resist ;} )
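The freshness rule the comment describes (reject metadata that is much older than the last update you verified, rather than older than a fixed X days), as an added example that is not part of the original post or of any package manager's code. The date format, the class and function names, the slack value and the sample dates are constructed assumptions; the demo contrasts the two rules on a stale mirror copy that a fixed window would accept.

```python
from datetime import datetime, timedelta

# Constructed example: Release-file style date header, assumed format.
DATE_FMT = "%a, %d %b %Y %H:%M:%S %z"

def parse_date(s: str) -> datetime:
    return datetime.strptime(s, DATE_FMT)

def fresh_by_fixed_window(metadata_date: datetime, now: datetime,
                          max_age: timedelta) -> bool:
    """The `X days' rule the comment argues against: any file younger than X passes."""
    return now - metadata_date <= max_age

def fresh_by_last_update(metadata_date: datetime, last_good_update: datetime,
                         slack: timedelta) -> bool:
    """Metadata must not be `much' older than the last update we verified.
    `slack' covers upload time and inter-mirror propagation delays."""
    return metadata_date >= last_good_update - slack

class FreshnessState:
    """Newest signed date we have accepted so far (a real client persists this on disk)."""
    def __init__(self, last_good_update: datetime):
        self.last_good_update = last_good_update

    def check(self, metadata_date: datetime, now: datetime,
              slack: timedelta = timedelta(days=3)) -> str:
        # Run only after the signature itself has verified; this checks freshness only.
        if metadata_date > now + slack:
            return "reject: future-dated (clock skew or bogus date)"
        if not fresh_by_last_update(metadata_date, self.last_good_update, slack):
            return "reject: older than last verified update (possible replay)"
        # Advance the watermark only on an accepted file, so it never moves backwards.
        self.last_good_update = max(self.last_good_update, metadata_date)
        return "ok"

def demo() -> dict:
    now = parse_date("Tue, 15 Jul 2008 18:49:00 +0000")             # constructed
    state = FreshnessState(parse_date("Thu, 10 Jul 2008 08:00:00 +0000"))
    replayed = parse_date("Sun, 01 Jun 2008 12:00:00 +0000")        # stale mirror copy
    current = parse_date("Tue, 15 Jul 2008 06:00:00 +0000")         # genuine new file
    return {
        "fixed_window_accepts_replay": fresh_by_fixed_window(replayed, now, timedelta(days=60)),
        "replay": state.check(replayed, now),
        "current": state.check(current, now),
        "watermark": state.last_good_update,
    }
```

Re-signing with an updated Date, as the comment suggests for promoted repositories, simply moves the watermark forward on the next accepted file.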

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds