by finnn 4155 days ago
I'm fairly certain there's some protection against that sort of attack. A quick Google brings me to [1], which seems to indicate that the Release file has a 7-day expiration period. Having apt connect over unencrypted HTTP allows for caching options that npm doesn't. It's also not dependent on the shitty SSL CA system.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499897
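
The expiry check the comment refers to, sketched as an added example (not part of the original comment and not apt's own code): a client that has already verified the Release file's signature compares its `Valid-Until` field against the clock, so an old but validly signed file served from a cache or a mirror is rejected once the window has passed. The sample file, the function names and the status strings are constructed for illustration, and only dates written with a `UTC` suffix are handled.

```python
from datetime import datetime, timezone

# Constructed sample: header of a Release file with a 7-day validity window.
SAMPLE_RELEASE = """\
Origin: Example
Suite: stable
Date: Sat, 01 Mar 2014 12:00:00 UTC
Valid-Until: Sat, 08 Mar 2014 12:00:00 UTC
SHA256:
 0000 123 main/binary-amd64/Packages
"""


def parse_fields(text):
    """Return the top-level 'Key: value' fields; indented hash lines are skipped."""
    fields = {}
    for line in text.splitlines():
        if line and not line[0].isspace() and ":" in line:
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
    return fields


def parse_date(value):
    # Assumption: the date carries a literal "UTC" suffix, as in the sample.
    parsed = datetime.strptime(value, "%a, %d %b %Y %H:%M:%S UTC")
    return parsed.replace(tzinfo=timezone.utc)


def check_freshness(text, now):
    """Classify an already signature-verified Release file against 'now'."""
    fields = parse_fields(text)
    if "Valid-Until" not in fields:
        return "no-expiry"      # a replayed old file cannot be detected
    if now > parse_date(fields["Valid-Until"]):
        return "expired"        # stale or replayed metadata: reject it
    if "Date" in fields and parse_date(fields["Date"]) > now:
        return "future-dated"   # clock skew or tampering: treat as suspect
    return "fresh"


if __name__ == "__main__":
    print(check_freshness(SAMPLE_RELEASE, datetime.now(timezone.utc)))
```

The check is only meaningful after the signature over the Release file has been verified, since an unsigned `Valid-Until` value could simply be rewritten.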