'Yiyi50' via qubes-users:
> I'm running qubes 4.0 on a Purism Librem 13 v4. I've installed updates for my
> templates without necessarily reading everything in the terminal before
> clicking "y". How concerned should I be of having inadvertently installed an
> unsigned package? Is there a command i can run to check the signatures on all
> my installed packages? I should mention that I'm relatively new to linux and
> qubes. How common is the installation of unsigned packages in Fedora or
> Debian? Does the qubes team audit/review all template updates?
>
If you haven't gone out of your way to add repos to your templates, you
would be using the default repos, which require signed packages. Your
chances are basically nil. No-one from Qubes audits updates that are not
from Qubes (with the possible exception here or there for security
critical ones like Xen); that is up to the maintainers of packages in
each distribution (Fedora/Debian).
--
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/a15600bc-54f0-cdbe-2aa4-6debc0ce3a40%40danwin1210.me.
