Mailinglist Archive: opensuse (3139 mails)

Re: [SLE] Cannot install Unsigned Packages using apt-get.
  • From: Anders Johansson <andjoh@xxxxxxxxxx>
  • Date: Mon, 23 Oct 2006 17:08:05 +0000 (UTC)
  • Message-id: <200610231907.41658.andjoh@xxxxxxxxxx>
On Monday 23 October 2006 13:34, Duff Mckagan wrote:
> Thanks. But what are the disadvantages of not checking signatures?

No evidence of origin.

Viruses, trojans, backdoors, spyware: if just one of the servers you use to
install from gets hacked, you will install whatever the hackers put your way.
With signature checking, this wouldn't happen.

But over the past couple of years I've come to understand that most people are
just too lazy for real security, which is why the common answer to your
question is "disable the security check".

If you were afraid of losing the key to your house, would the solution be to
remove the lock from the door? Metaphorically speaking, that is what you did
by disabling the signature check.

Oh, and just blindly installing some rpm containing keys, and then trusting
everything signed by those keys can be likened to handing out the key to your
house to anyone who asks for it.

