Richard Bos wrote:
Op zondag 21 maart 2004 20:15, schreef Jerome Lyles:
I have a similar problem. Using apt-get, I can see that there are signature problem. I posted a question on this mailing list. Ricard Bos suggested me to use "apt --no-checksig install xxx" where xxx is the package to be installed and that works fine. But it of course not nice that synaptic does not work anymore
I thought it synaptic was broken, it isn't. The latest version doesn't tell you what the problem is. I reinstalled synaptic-0.47-rb2 and found out there is a signature problem. I don't understand why they changed synaptic-0.48-rb2 so that it doesn't report problems. This newest version is less useful than the previous one.
Can you install pkgs with the 0.48 version that don't have a signature problem?
Can anyone clarify why packages aren't aren't allways signed?
Because the packagers does not do it. Is that bad, don't know. They do it in their spare time....
Is it a security risk to load packages without a proper signature?
Yes and no. You did it all the time before, without questioning. With signature you know for sure that pkg comes from the pkgs that signed the pkg. However, he may still have a troyened system, that could damage yours....
Can I use synaptic with the --no-checksig option?
Try, but I don't think so....
Did you try this, it works for me; The Configuration item RPM::GPG-Check can be set to false in the file /etc/apt/apt.conf.d/gpg-checker.conf (make true -> false) if you don't want to check the rpm integrity. The plugin scripts are located at: /usr/lib/apt/scripts/ Suc6 GJ