Automatix?

Oliver Grawert ogra at ubuntu.com
Tue Mar 28 10:18:38 UTC 2006


hi,
Am Montag, den 27.03.2006, 21:52 +0100 schrieb 'Forum Post:
> It merely automates installation of packages like java, w32codecs with
> the the echo yes command because there are no GPG keys available from
> the repositories which they are downloaded and installed from. This is
> not definitely not a security concern because it does not pull any
> additional packages with itself which might prove to be a potential
> risk.
i'd consider a gpg signed repository with no available pubkey a very
serious security concern ... why dont you just use the right tools
(apt-key add) to add the right keys and make the whole thing half way
trustable ... ? 
(the PLF repo is signed and has a pubkey as well as christian marillat
has one he uses to sign his repos which is public available on the
keyservers...)

stating your script is safe over and over doesnt make it safer,
especially after such a paragraph like the above one ...

ciao
	oli
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 191 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20060328/dbff1d18/attachment.pgp>


More information about the ubuntu-users mailing list