"Reported on 2008-01-24" and not a single response from any Ubuntu developer or Security Team member about this?
All packages are built on the normal build servers. I really can't see any reason for it to be hard to get ddebs.ubuntu.com signed, either by the standard archive key or a separate one.

Two big problems with the current situation:

1. Many Ubuntu developers are probably using ddebs.ubuntu.com. I really don't like the developers of the distribution I use getting malicious packages installed.
2. Users will be told to enable this repository to help triage bugs. This teaches them that it is OK to ignore security warnings from APT.

The second problem is of course the same when using PPAs. But there the problem is harder to solve, and is being discussed in bug #125103.

--
sign the repository at ddebs.ubuntu.com
https://bugs.launchpad.net/bugs/185625

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs