Enabled repositories in default install
John Skaller
skaller at users.sourceforge.net
Mon Jun 27 15:27:00 CDT 2005
On Tue, 2005-06-28 at 00:28 +1000, Jeff Waugh wrote:
> <quote who="Wouter Stomp">
>
> > Does anyone think it should not be enabled in the default install?? So far
> > it looks like most people agree with me...
>
> The maintainers, for a start. :-) It shouldn't be enabled by default because
> it is not security supported, and is not maintained to the standard that the
> main repository is held to. We want to ensure that users actively make the
> choice to enable this repository, so they know what they're in for.
Yup, and in Synaptic they get this anyhow:
"WARNING: You are about to install software that CANT BE AUTHENTICATED.
Doing this could allow a malicious individual to damage
or take control of your system."
I think this is actually a wrong message: any software
could do this, authentic or not.
In any case, why can't (at least some) stuff in universe
be authenticated? One package, I happen to know who
the DD is: it is certainly signed. Has Ubuntu lost the
signature, or is it simply that I don't have the
right keys to verify the signature that is actually
there? If the latter where do I get them? :-)
--
John Skaller <skaller at users dot sourceforge dot net>
Download Felix: http://felix.sf.net
More information about the ubuntu-devel
mailing list