Re: apt repository on gwdg.de contains unsigned rpms
From: Tom (tom_at_nowhere.org)
Date: 03/16/04
- Next message: Andreas Schroeder: "Suse 8.2 with new 2.6.3-Kernel"
- Previous message: George Litos: "Re: how to keep gnome window settings in KDE"
- In reply to: Timur: "apt repository on gwdg.de contains unsigned rpms"
- Next in thread: Timur: "Binary RPMs & trust (was apt repository on gwdg.de contains unsigned rpms)"
- Reply: Timur: "Binary RPMs & trust (was apt repository on gwdg.de contains unsigned rpms)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Tue, 16 Mar 2004 11:14:00 +0000
Timur wrote:
> Dear All,
>
> I found out recently that there is an increasing number of RPMs in the apt
> repository on gwdg.de which are not signed. This generates two issues:
>
> a - packages cannot be installed via apt (latest apt/apt-libs/synaptic
> refuse to install unsigned RPMs)
>
> b - potentially VERY important - we could risk a situation similar to
> Debian where compromised packages (i.e. with Trojan horses) are spread
> on our Linux systems
>
> Is there any reason for having unsigned packages? Is there a risk of a
> compromise of our repository?
>
> Maybe I'm too paranoid? Can the maintainer of those packages start to
> sign the RPMs once again?
>
> regards,
> Timur

I realise this doesn't solve the main problem of unsigned packages but if
you do want apt to install them then edit this file:

    /etc/apt/apt.conf.d/gpg-checker.conf

Change the relevant line to read:

    RPM::GPG-Check no;

Cheers,
Tom
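
An added example, not part of Tom's message or of apt itself: a small Python audit that reports whether `RPM::GPG-Check` ends up disabled across apt.conf.d fragments, so a host where the check was switched off can be found later. It assumes Debian-style apt.conf syntax (flat `A::B value;` and nested `A { B value; };` forms, `//` and `/* */` comments) and that later files in sorted name order override earlier ones; the file name `zz-local.conf` and all sample contents are constructed.

```python
import re

# Values treated as "false" (assumption: apt's usual boolean spellings).
FALSEY = {"no", "false", "0", "off", "disable", "without"}
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')

def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)      # /* ... */
    return re.sub(r"(^|\s)//.*$", "", text, flags=re.M)    # // to end of line

def settings(text):
    """Yield (key, value) pairs, expanding nested scopes into A::B keys."""
    scope, pending = [], []
    for tok in TOKEN.findall(strip_comments(text)):
        if tok == "{":
            scope.append("::".join(pending))
            pending = []
        elif tok == "}":
            if scope:
                scope.pop()
            pending = []
        elif tok == ";":
            if len(pending) == 2:                          # key value;
                yield "::".join(scope + [pending[0]]), pending[1].strip('"')
            pending = []
        else:
            pending.append(tok)

def audit(fragments):
    """fragments: {file name: text}. Returns (enabled, deciding file),
    or (None, None) when no fragment sets RPM::GPG-Check."""
    verdict = (None, None)
    for name in sorted(fragments):                         # last file wins
        for key, value in settings(fragments[name]):
            if key.lower() == "rpm::gpg-check":
                verdict = (value.lower() not in FALSEY, name)
    return verdict

# Constructed sample fragments (contents are illustrative, not real files).
SAMPLE = {
    "gpg-checker.conf": 'RPM::GPG-Check "yes";\n',
    "zz-local.conf": '// local override\nRPM {\n  GPG-Check "no"; /* unsigned repo */\n};\n',
}

if __name__ == "__main__":
    enabled, source = audit(SAMPLE)
    print(f"RPM::GPG-Check enabled={enabled} (set in {source})")
```

To run it against a real host, build `fragments` from the files under `/etc/apt/apt.conf.d/` instead of `SAMPLE`.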