Well it seems that Ubuntu packages are not signed now either...
It's not (as always) not just to sign
We have to learn how to do it and set up the server and with a small crew you have to prioritise
And yes the Windows behaviour of just click OK on everything so you are certain to get a virus (in Windows) is a dangerous habit
Maybe time to do something ....
GPG signed packages in Mint Felicia?
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Re: GPG signed packages in Mint Felicia?
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: GPG signed packages in Mint Felicia?
I should have written some packages appears as unsigned. It seems this happens to fewer packages with time, and I read something about it in an Ubuntu blog.... (or wiki)
-
- Level 1
- Posts: 33
- Joined: Wed Mar 25, 2009 7:47 am
Re: GPG signed packages in Mint Felicia?
Hi
I love Linux Mint and use the LiveCD extensively - good work !!
However I have major worries over your security setup, I decided to try Mint as my main distro but stopped the install when I discovered you don't sign your packages. I searched the forums and was surprised to see this is deliberate. I registered here to add to the discussion - and you sent my chosen user-id and password in clear text over the internet in an email!!
I realise you are a small team but I would like to suggest you either get a security consultant in or create a permanent position to review all these types of issues and make sure you are following best practice.
Thanks for all your efforts.
Alan
I love Linux Mint and use the LiveCD extensively - good work !!
However I have major worries over your security setup, I decided to try Mint as my main distro but stopped the install when I discovered you don't sign your packages. I searched the forums and was surprised to see this is deliberate. I registered here to add to the discussion - and you sent my chosen user-id and password in clear text over the internet in an email!!
I realise you are a small team but I would like to suggest you either get a security consultant in or create a permanent position to review all these types of issues and make sure you are following best practice.
Thanks for all your efforts.
Alan
Re: GPG signed packages in Mint Felicia?
The email is no problem - that is what generally happens in forums
The password is not sent unless you use the I have forgotten my password option (hope I'm right) but of course you immediately log in and change it
The unsigned repos - well Ubuntu does not sign everything now...
It is a minor security problem as long as you only have official repos enabled - hopefully we can keep our packages safe on the server, but it is something that is on the agenda
The password is not sent unless you use the I have forgotten my password option (hope I'm right) but of course you immediately log in and change it
The unsigned repos - well Ubuntu does not sign everything now...
It is a minor security problem as long as you only have official repos enabled - hopefully we can keep our packages safe on the server, but it is something that is on the agenda