Zandronum Chat @
Get the latest version: 3.0
Source Code

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0003606Site[All Projects] Documentationpublic2019-02-07 15:332019-02-11 14:39
Assigned ToBlzut3 
PlatformOSOS Version
Summary0003606: instructions fetch the repository signing key over insecure HTTP
DescriptionThere's a thing called "DRD Team Debian Package Repository", and its index page has instructions on how to use the repository.

One of the instructions is flawed. I think wget should fetch the repository signing key using the https:// scheme (over TLS), instead of insecure http:// scheme. Not doing so gives more doorway to plausible MITM-attacks, undermining the apt-secure(8) infrastructure.

https:// is already supported, so this is not really a security category issue per-se.
Steps To Reproduce
Quote from
To use, use the following command or add the "deb ..." line to your /etc/apt/sources.list:

$ wget -O- [^] | sudo apt-key add -
$ sudo apt-add-repository 'deb [^] stable multiverse'
Attached Files

- Relationships

-  Notes
User avatar (0020345)
WubTheCaptain (reporter)
2019-02-07 15:35

Retitle: " instructs to fetch the repository signing key over insecure HTTP scheme"
User avatar (0020364)
WubTheCaptain (reporter)
2019-02-11 14:39

Also, [^] but don't care to make a new issue.

Issue Community Support
Only registered users can voice their support. Click here to register, or here to log in.
Supporters: No one explicitly supports this issue yet.
Opponents: No one explicitly opposes this issue yet.

- Issue History
Date Modified Username Field Change
2019-02-07 15:33 WubTheCaptain New Issue
2019-02-07 15:35 WubTheCaptain Note Added: 0020345
2019-02-10 07:12 Blzut3 Status new => resolved
2019-02-10 07:12 Blzut3 Resolution open => fixed
2019-02-10 07:12 Blzut3 Assigned To => Blzut3
2019-02-11 14:39 WubTheCaptain Note Added: 0020364
2019-02-11 14:39 WubTheCaptain Status resolved => feedback
2019-02-11 14:39 WubTheCaptain Resolution fixed => reopened

Questions or other issues? Contact Us.


Copyright © 2000 - 2019 MantisBT Team
Powered by Mantis Bugtracker