Enabled repositories in default install

Mon Jun 27 16:35:07 CDT 2005

On di, 2005-06-28 at 07:26 +1000, John Skaller wrote:
> On Mon, 2005-06-27 at 22:45 +0200, Dennis Kaarsemaker wrote:
> > On di, 2005-06-28 at 06:27 +1000, John Skaller wrote:
> > > "WARNING: You are about to install software that CANT BE
> > > AUTHENTICATED.
> > > Doing this could allow a malicious individual to damage
> > > or take control of your system."
> > 
> > This warning will *not* be caused by Universe packages, only by packages
> > from 3rd party repositories.
> > 
> > All Ubuntu packages, including universe and multiverse are signed.
> 
> Can you explain further please? What do you mean by 
> '3rd party repositories'?

See below.

> I am using an Ubuntu mirror provided by my ISP.
> This is not the official mirror in my location.
> 
> I get no warning on 'main' packages but I do get it
> on at least some universe packages, including 'dia'
> and 'ocaml-tools'.

I get no warnign for both (or other universe packages), so your mirror
must have messed things up or you are missing some keys from your APT
keyring.

> I would guess 'third party repository' meant 
> some arbitrary debian like structure put up on
> some machine by some arbitrary person.

Indeed.

> In any case, authentication should still be
> possible for such a repository if the appropriate
> keys are available .. so how are the keys used
> to authenticate package downloads obtained/configured?

The apt-key tool manages the APT trusted keyring. Run it without
arguments for a quick glance at the possibilities, read the manpage for
more info.
-- 
Dennis K.
  - Linux for human beings: http://www.ubuntulinux.org
  - Linux voor normale mensen: http://www.ubuntulinux.nl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.ubuntu.com/archives/ubuntu-devel/attachments/20050627/c72dc183/attachment.pgp