[CoLoCo] Possibly Stupid Ubuntu Question
Kevin Fries
kfries6 at ovi.com
Sat Dec 5 22:51:32 GMT 2009
Ringo,
Apt will indeed upgrade from a third party repo if it is labeled as a newer version. This is on purpose. To stop that behavior google "debian apt pinning" I am not at my desk, so I can't check that exact search, but it should get you on the right path.
HTH
Kevin
-----Original Message-----
From: Ringo
Sent: 12/05/2009 3:37:53 PM
Subject: [CoLoCo] Possibly Stupid Ubuntu Question
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hey Ubunteros,
I have a quick question. I have the main Ubuntu repositories enabled as
well as some third party ones for other software I have. All of them use
pgp signatures to verify the downloads.
When Ubuntu looks for upgrades, one could theoretically put a backdoored
version of an upgrade (with a higher than possible version number) in
one of these third party repositories (or the community repos). If I
originally installed software from the official Ubuntu repos, is it
possible that apt would upgrade from a non-official one? If so, how
could I stop this and/or is there a way to see in synaptic/other
programs where the upgrades are coming from?
Thanks,
Ringo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAksa4MEACgkQETpif9i/srr8VACeOp9MerMJ01EBbiBysBK1dCaz
qXIAnRq1qb0rxZLGRIOxDj1MSlhc20L/
=MvEa
-----END PGP SIGNATURE-----
--
Ubuntu-us-co mailing list
Ubuntu-us-co at lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-us-co
--------------------------------------------------------------
Ovi Mail: Being used by users in 178 countries
http://mail.ovi.com
More information about the Ubuntu-us-co
mailing list