Closed tfoote closed 9 years ago
Still unclear why this changed but the patch looks good.
Apparently the lack of validation was a bug recently fixed: http://changelogs.ubuntu.com/changelogs/pool/main/a/apt/apt_0.8.16~exp12ubuntu10.17/changelog
apt (0.8.16~exp12ubuntu10.17) precise-security; urgency=low
* SECURITY UPDATE: incorrect apt-get source validation (LP: #1329274)
- warn if not authenticated in cmdline/apt-get.cc, added regression
test to test/integration/test-apt-get-source-authenticated,
test/integration/framework.
- CVE-2014-0478
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 12 Jun 2014 14:12:19 +0200
When we deploy this we will need to reconfigure the release jobs.
Sounds good to me - the reconfigure will happen anyway once a day. Go ahead and deploy it shortly before the job.
Deployed a long time ago
This was hard coded to get things working quickly. It should be in the job template.
@dirk-thomas please review #202 fix