Security implications?

Asked by justinsb

I think the squid deb proxy combined with zeroconf is a brilliant idea. I have a question about security: presumably with zeroconf anyone on my network could advertise a proxy; I know that everything is GPG signed, so there's no (realistic) risk of getting fake packages, but presumably an attacker could still serve old repositories with known vulnerabilities (?)

Is there a way to force the request for the 'Release' file to go to an official Ubuntu server (ideally over HTTPS), while still downloading every other file from the proxy?
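
The concern raised in the question, a proxy replaying old but validly signed metadata, can be checked on the client by looking at the age of the Release file. The sketch below is an added example, not part of the original thread or of squid-deb-proxy; the function names, the 7-day limit and the sample Release text are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample: top of a Release file whose signature has ALREADY been
# verified with GPG (unsigned fields prove nothing). Checksum entry is a placeholder.
SAMPLE_RELEASE = """\
Origin: Ubuntu
Suite: natty
Date: Thu, 28 Apr 2011 08:00:00 UTC
MD5Sum:
 <constructed-checksum> 1234 main/binary-i386/Packages
"""

def parse_release_fields(text):
    """Return the top-level 'Key: value' fields, skipping indented checksum lines."""
    fields = {}
    for line in text.splitlines():
        if not line or line[0] in " \t" or ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields

def _utc(value):
    """Parse the RFC 2822 style date used in Release files; assume UTC if no zone."""
    dt = parsedate_to_datetime(value)
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def release_is_fresh(text, now, max_age=timedelta(days=7)):
    """Return (ok, reason). Stale metadata is how a hostile proxy hides updates."""
    fields = parse_release_fields(text)
    if "Date" not in fields:
        return False, "no Date field"
    issued = _utc(fields["Date"])
    # The local age limit applies even when the archive sets no Valid-Until.
    deadline = issued + max_age
    if "Valid-Until" in fields:
        deadline = min(deadline, _utc(fields["Valid-Until"]))
    if now > deadline:
        return False, f"stale: issued {issued:%Y-%m-%d}, expired {deadline:%Y-%m-%d}"
    return True, f"fresh until {deadline:%Y-%m-%d}"

if __name__ == "__main__":
    for day in (1, 20):
        now = datetime(2011, 5, day, tzinfo=timezone.utc)
        print(now.date(), release_is_fresh(SAMPLE_RELEASE, now))
```

apt exposes comparable checks through the `Acquire::Check-Valid-Until` and `Acquire::Max-ValidTime` options in apt.conf.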

Question information

Language: English
Status: Answered
For: Ubuntu squid-deb-proxy
Assignee: No assignee

actionparsnip (andrew-woodhead666) said :
#1

submit suggestions on:
http://brainstorm.ubuntu.com

or log a bug

justinsb (justin-fathomdb) said :
#2

Converted to Bug #756939 per request
