Enabled repositories in default install
John Skaller
skaller at users.sourceforge.net
Mon Jun 27 16:26:21 CDT 2005
On Mon, 2005-06-27 at 22:45 +0200, Dennis Kaarsemaker wrote:
> On di, 2005-06-28 at 06:27 +1000, John Skaller wrote:
> > "WARNING: You are about to install software that CANT BE
> > AUTHENTICATED.
> > Doing this could allow a malicious individual to damage
> > or take control of your system."
>
> This warning will *not* be caused by Universe packages, only by packages
> from 3rd party repositories.
>
> All Ubuntu packages, including universe and multiverse are signed.
Can you explain further please? What do you mean by
'3rd party repositories'?
I am using an Ubuntu mirror provided by my ISP.
This is not the official mirror in my location.
I get no warning on 'main' packages but I do get it
on at least some universe packages, including 'dia'
and 'ocaml-tools'.
I would guess 'third party repository' meant
some arbitrary debian like structure put up on
some machine by some arbitrary person.
In any case, authentication should still be
possible for such a repository if the appropriate
keys are available .. so how are the keys used
to authenticate package downloads obtained/configured?
--
John Skaller <skaller at users dot sourceforge dot net>
Download Felix: http://felix.sf.net
More information about the ubuntu-devel
mailing list