MEPIS Community Forum
A Linux operating system based on Debian Stable| View unanswered posts | View unsolved topics | View active topics | |
|
All times are UTC - 5 hours [ DST ] | It is currently Wed Jun 19, 2013 1:27 am |
|
Page 1 of 1 |
[ 4 posts ] |
| Print view | Previous topic | Next topic |
why there is no GPG key for community repository?
| Author | Message | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
MEPIS Novice  
|
Post # 298397
 why there is no GPG key for community repository?when i want to install a package from the CR repository, I encounter with a warning that say "you are about to install software that can't be authenticated!". really there is no GPG key for this repository?
|
|||||||||
| Sun Apr 08, 2012 11:00 am |
|
|||||||||
|
||||||||||
|
MEPIS Guide   Joined: Wed Jul 12, 2006 4:05 pm Posts: 2265 Location: Pinellas Park, FL Has thanked: 66 times Have thanks: 1208 times
|
Post # 298399
Re: why there is no GPG key for community repository? That's right.
When the current CR was originally set up the decision (which I wasn't part of at the time) was made not to sign it. Given its structure there wasn't a way to sign it that actually made it more secure - although signing it would make it appear to be so. All the packages are signed by the packagers and that is checked when packages are added to the repos. Since the mepis-deb.org servers are not where the packages are processed, and they're just serving static files with no active content it would be relatively hard to hack in and insert a malicious program + update all the Package files to make it available without breaking the repo. And it would disappear at the next update. With what I know about the way repositories & signing work, I wouldn't trust the CR any more if it was signed. Whether you choose to trust the Community Repositories is, of course, up to you. _________________ XFX Nforce 750 (built in GeForce 8300), Athlon X2 5000 Lenovo G550 , Intel T4400 , Intel Mobile 4 graphics |
|||||||||
| Sun Apr 08, 2012 11:38 am |
|
|||||||||
|
||||||||||
|
MEPIS Novice
|
Post # 298440
Re: why there is no GPG key for community repository? I think it is better, be mentioned in related wiki. however thanks for help.
|
|||||||||
| Sun Apr 08, 2012 11:50 pm |
|
|||||||||
|
||||||||||
|
MEPIS is cool!   Joined: Fri Oct 17, 2008 8:19 pm Posts: 790 Location: Okinawa, Japan Has thanked: 98 times Have thanks: 140 times
|
Post # 298444
Re: why there is no GPG key for community repository? [Solved]
Good suggestion! I added it to wiki using Tim's explanation as basis: http://www.mepis.org/docs/en/index.php? ... y#Packages Cheers |
|||||||||
| Mon Apr 09, 2012 4:06 am |
|
|||||||||
|
|
Page 1 of 1 |
[ 4 posts ] |
|
All times are UTC - 5 hours [ DST ] | It is currently Wed Jun 19, 2013 1:27 am |
Who is online |
Users browsing this forum: mipak and 1 guest |
| You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot post attachments in this forum |