Downloaded .deb safe?

Myriam Schweingruber schweingruber at
Sun Apr 13 13:17:35 UTC 2008

On 13/04/2008, Martin Laberge <mlsoft at> wrote:
> On Saturday 12 April 2008 14:48:31 Nigel Ridley wrote:
>  > How does one make sure that a downloaded .deb is safe? I mean, how does one make sure that
>  > there are no malicious payloads etc.?
>  > The file in question is the winff-0.41-i386.deb downloaded from:
>  >
>  >
>  > It looks like a very useful app (for my daughter's 'chipod' (Chinese MP4)) but I want to
>  > make sure it is safe before installing it.

Well, one should at least point out that if you use the official
sources of a distribution, the packages usually are signed, which adds
a level of trust. This simply means that the package has indeed been
uploaded to the archive by an "official". As the signature is a
GPG-Key, it's most unlikely that this file has been corrupted by any
other person than the signer.

All packages in the official Ubuntu and Debian archives are signed, so
it really is not necessary to worry too much for these :)

Now, anything coming from the outside is indeed far more risky...


Protect your freedom, join the Fellowship of FSFE!
Please don't send me proprietary file formats,
use ISO standard ODF instead (ISO/IEC 26300)

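As an added example (not part of the original post): in Debian and Ubuntu archives the GPG signature covers the `Release` file, which lists hashes of each `Packages` index, which in turn records every .deb's size and SHA256. The sketch below checks a downloaded file against that chain. It assumes the `Release` signature has already been verified (for example by apt or `gpgv`), and the package name, paths and data are constructed samples.

```python
import hashlib

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def release_lists(release_text, index_name, index_bytes):
    """True if the Release file's SHA256 section records index_bytes under index_name."""
    in_sha256 = False
    for line in release_text.splitlines():
        if not line.startswith(" "):            # a new top-level field begins
            in_sha256 = line.strip() == "SHA256:"
        elif in_sha256:
            parts = line.split()                # "<hash> <size> <path>"
            if len(parts) == 3 and parts[2] == index_name:
                return parts[0] == sha256(index_bytes) and int(parts[1]) == len(index_bytes)
    return False

def deb_matches_index(deb_bytes, filename, packages_text):
    """True if deb_bytes has the Size and SHA256 that Packages records for filename."""
    for block in packages_text.strip().split("\n\n"):   # one stanza per package
        fields = {}
        for line in block.splitlines():
            if line[:1] not in (" ", "\t") and ":" in line:  # skip continuation lines
                key, _, value = line.partition(":")
                fields[key] = value.strip()
        if fields.get("Filename", "").rsplit("/", 1)[-1] == filename:
            return (fields.get("SHA256") == sha256(deb_bytes)
                    and fields.get("Size") == str(len(deb_bytes)))
    return False    # not listed: nothing in the archive vouches for this file

# Constructed sample data, not real archive contents.
DEB = b"!<arch>\nconstructed sample package body\n"
PACKAGES = (
    "Package: example-tool\nVersion: 1.0\n"
    "Filename: pool/main/e/example-tool/example-tool_1.0_i386.deb\n"
    f"Size: {len(DEB)}\nSHA256: {sha256(DEB)}\n"
)
RELEASE = (
    "Origin: Example\nSHA256:\n"
    f" {sha256(PACKAGES.encode())} {len(PACKAGES.encode())} main/binary-i386/Packages\n"
)

if __name__ == "__main__":
    print(release_lists(RELEASE, "main/binary-i386/Packages", PACKAGES.encode()))
    print(deb_matches_index(DEB, "example-tool_1.0_i386.deb", PACKAGES))
    print(deb_matches_index(DEB + b"tampered", "example-tool_1.0_i386.deb", PACKAGES))
```

A file that is absent from the index, such as a .deb fetched from a third-party site, returns `False` from `deb_matches_index`: the archive signature says nothing about it either way.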