fslint on Kub 20.04?
Ralf Mardorf
kde.lists at yahoo.com
Mon Aug 23 16:24:59 UTC 2021
On Mon, 23 Aug 2021 18:18:13 +0200, Ralf Mardorf wrote:
>Don't edit the apt source list. Download the packages with wget or curl
>and install them using apt. Maybe "apt install URL" works, too.
>
>However, changing the mirror gains nothing. The versions that work for
>other aren't from any still supported Ubuntu release, let alone that
>edited repositories are way more dangerous than installing the packages
>from a local path.
Maybe I'm mistaken here.
Using an old release repository, if possible at all, on a temporary
basis, to just install the wanted packages, could solves the signed
checksum issue. So editing the source list might be more secure.
But the CVE issue still remains.
Do you make backups of your complete install? That's what I'm doing and
what I recommend to do, before doing an experiment.
>
>http://mirror.ip-projects.de/ubuntu/pool/universe/p/pygtk/python-gtk2_2.24.0-6_amd64.deb
>http://mirror.ip-projects.de/ubuntu/pool/universe/p/pygtk/python-glade2_2.24.0-6_amd64.deb
>...
>
>Or see
>https://www.codegrepper.com/code-examples/shell/Package+%27fslint%27+has+no+installation+candidate
>for http://old-releases.ubuntu.com/ubuntu/pool/universe/p/pygtk/
>...
>
>Can of worms:
>https://towardsdatascience.com/installing-multiple-alternative-versions-of-python-on-ubuntu-20-04-237be5177474
>https://wiki.archlinux.org/title/python
>
>You probably want to check the packages against a signed checksum, but
>doing this opens another can of worms.
>
>TL;DR
>https://blog.packagecloud.io/eng/2014/10/28/howto-gpg-sign-verify-deb-packages-apt-repositories/
>You probably only can verify the source. IOW if the source is ok, you
>need to build the package.
>
>Assuming there's no issue with installing the packages and no issue
>using multiple versions of python, you still need to ensure that the
>packages you want to install were not manipulated. If they aren't
>manipulated, then you need still to check the software versions against
>Common Vulnerabilities and Exposures.
>
>https://cve.mitre.org/find/search_tips.html
More information about the ubuntu-users
mailing list