Validate-apt-version task may not be needed on Focal #5955
Projects
Comments
|
Thanks, @rocodes. You're right, we can safely remove that code now. Ideally we'd be able to use HTTPS across the board for all apt repos, to be a bit more defensive against similar vulnerabilities in the future, but many of the Canonical repos are still HTTP-only. The FPF apt repo is already HTTPS, and will remain so. |
eloquence
moved this from Next sprint candidates
to Near Term - SecureDrop Core
in SecureDrop Team Board
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
validate-apt-version, which is named as a Xenial task, runs on Focal installs:https://github.com/freedomofpress/securedrop/blob/012d30e8baeb8ffa7c10a56f4b43c464abf87cf7/install_files/ansible-base/roles/install-fpf-repo/tasks/validate_apt_version.yml
According to https://nvd.nist.gov/vuln/detail/CVE-2019-3462, the versions of
aptthat ship with Ubuntu 20.04 are not affected, so it looks like we can stop running this check.Steps to Reproduce
./securedrop-admin installon Focal 20.04 serversComments
check
when: ansible_distribution_release == 'focal'or remove entirely as we phase out xenial codeThe text was updated successfully, but these errors were encountered: