No, I'm pretty sure the auth key is a big deal. I am almost certain it is in previous Trisquel versions. I am traveling at the moment so I can't check.

Correct me if I am wrong but I believe the key works in a very similar (or exactly similar) way to GPG. The key signs each package so that if you download a packge if it was altered somehow (maybe by a malicious third-party) you would be notified. With no signing key loaded in the system you could be recieving malicious packages.

IMO this is actually pretty serious and someone might want to notify quidam either via IRC or via the [devel mailing list] (like I said I'm traveling and I don't have my email setup here)

Reply via email to