make apt-get stop bothering me about signatures
Andy
stude.list at googlemail.com
Tue Sep 2 19:01:15 UTC 2008
Paul Johnson wrote:
> There are 2 sites where I get deb packages but they authors do not
> sign them. I want apt-get to stop bugging me about the lack of
> signatures.
Apt does that for a good reason! Allowing unsigned packages
automatically presents an extremely serious security threat. Effectively
it could result in remote code execution at root level. There is no more
serious threat!
If someone intercepts the HTTP connection (depending what networks you
use this could be very easy to do), they could install anything they
liked, and run scripts with root privileges.
Having said this you could try passing the flag --allow-unauthenticated
to apt-get or set the option APT::Get::AllowUnauthenticated in apt.conf
(for details man apt.conf ).
However I must stress that it is extremely dangerous to permit
unauthenticated packages to be automatically installed. is if you are
entirely certain about the risks this poses and are willing to bear the
consequences.
Andy
More information about the ubuntu-users
mailing list