On Monday 23 October 2006 13:34, Duff Mckagan wrote:
> Thanks. But what are the disadvantages of not checking signatures?

No evidence of origin. Viruses, trojans, backdoors, spyware: if just one of the servers you use to install from gets hacked, you will install whatever the hackers put your way. With signature checking, this wouldn't happen.

But over the past couple of years I've come to understand that most people are just too lazy for real security, which is why the common answer to your question is "disable the security check".

If you were afraid of losing the key to your house, would the solution be to remove the lock from the door? Metaphorically speaking, that is what you did by disabling the signature check.

Oh, and just blindly installing some rpm containing keys, and then trusting everything signed by those keys, can be likened to handing out the key to your house to anyone who asks for it.