Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes: > So for some existing version Y of notmuch, if an attacker takes > notmuch-Y.tgz and notmuch-Y.tgz.asc and renames them both to > notmuch-Z.tgz and notmuch-Z.tgz.asc, they can make it look like a new > version (version Z) of notmuch is available! The only way to detect the > attack is to store a log of timestamps of previous releases, and try to > compare timestamps (though this itself can be confusing and wrong if we > were to maintain multiple branches concurrently). This permits a > "rollback" or "version freeze" attack, which we probably don't want to > encourage. OK, so apparently this is a problem for almost every project, including GnuPG? That's mildly terrifying... I don't mind either way, but it does seem like there is a tradeoff, since with the previous version I suspect many people are just not verifying the signature (e.g. can uscan in debian handle the sha256sum scheme?). d _______________________________________________ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch