trinity-users@lists.pearsoncomputing.net

Message: previous - next
Month: May 2015

Re: [trinity-users] Can we have a mention of Slávek's repository on the web-site?

From: Ken Heard <kenslists@...>
Date: Tue, 12 May 2015 09:36:42 -0400
On 2015-05-11 23:32, Michael . wrote:
> Ken in Debian and its derivatives keys are a security feature that
> indicates the signer of the key is the person or organisation who
> packages what you are downloading. If you install packages without a key
> it could be suggested you don't know who packaged it or if it has been
> modified from the original package.
>
> Lisi is correct in her statement "safety is as safety does" in that if
> you are happy to download packages you believe are packaged by Slavek or
> Tim or anyone else involved with Trinity without a signed key to check
> it against then you take it upon yourself to ensure the package is what
> it is supposed to be. If you want the extra layer of security then it is
> always wise to have the key and let apt do its job confirming the
> package against the key for the person or organisation that packaged it.

The only reason I was even thinking of downloading packages without 
authentication was because I could not download the key.  Now, with help 
from Lisi and Slávek, I have the key and can now download the R14.0.1 
packages with perfect impunity.

Regards, Ken