Reality check:
that means that all source packages received via 'apt-get source' are not
trusted by Ubuntu clean installation ?
Is there a safe way to get full public key (not short unsafe keyid) for
a source package then?
Thanks
** Summary changed:
- 'linux' source package signature is not va
Julian, do you have any ideas how this could be handled better? I'm
short on ideas here. The gpgv output seems useful but it's also
potentially misleading.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
Thanks for the bug report.
This isn't as dire as it looks:
APT's security model is based on signed InRelease files that have
sha256sums of all archive contents. In this case, the InRelease file
will have a sha256sum for one of the Sources files, and that file will
have a sha256sum for the linux s
** Information type changed from Private Security to Public Security
** Package changed: ubuntu => apt (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1649097
Title:
4 matches
Mail list logo