GPG signed packages in Mint Felicia?

[Husse]

Well it seems that Ubuntu packages are not signed now either...
It's not (as always) not just to sign
We have to learn how to do it and set up the server and with a small crew you have to prioritise
And yes the Windows behaviour of just click OK on everything so you are certain to get a virus (in Windows) is a dangerous habit
Maybe time to do something ....

[Husse]

I should have written some packages appears as unsigned. It seems this happens to fewer packages with time, and I read something about it in an Ubuntu blog.... (or wiki)

[deep64blue]

Hi

I love Linux Mint and use the LiveCD extensively - good work !!

However I have major worries over your security setup, I decided to try Mint as my main distro but stopped the install when I discovered you don't sign your packages. I searched the forums and was surprised to see this is deliberate. I registered here to add to the discussion - and you sent my chosen user-id and password in clear text over the internet in an email!!

I realise you are a small team but I would like to suggest you either get a security consultant in or create a permanent position to review all these types of issues and make sure you are following best practice.

Thanks for all your efforts.

Alan

[Husse]

The email is no problem - that is what generally happens in forums
The password is not sent unless you use the I have forgotten my password option (hope I'm right) but of course you immediately log in and change it
The unsigned repos - well Ubuntu does not sign everything now...
It is a minor security problem as long as you only have official repos enabled - hopefully we can keep our packages safe on the server, but it is something that is on the agenda