LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-12-2015, 03:42 PM   #1
BJ292
LQ Newbie
 
Registered: Feb 2015
Posts: 3

Rep: Reputation: Disabled
Spotify - Public Key


Following the instructions on the spotify site to install on ubuntu/debian it says:

# 2. If you want to verify the downloaded packages,
# you will need to add our public key
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 94558F59


It's a reputable site so I did it and everything works ok.

Would this be a risky action at a less reputable site or is it more risky not to add the public key?
 
Old 03-12-2015, 08:44 PM   #2
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,284

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
The key allows you to verify that a package was signed off on by the owner of the key. If you do not trust the key owner, you should not be installing packages from them. Remember a package installation script runs as root, so it can do literally anything to your machine. So, I'd say that yes, there would be a massive risk in importing a key from someone you did not trust.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH skips public key authentication for a key, but works with another key simopal6 Linux - General 1 07-06-2011 08:33 AM
Putty/SSH login failed when using RSA public key: 'Server refused our key' itsecx@gmail.com Linux - Server 10 10-04-2010 01:19 PM
Revoking GPG key with only passphrase and public key djib Linux - Security 2 03-13-2007 03:20 AM
GPG Data, Secret Key but no Public Key? Aeiri Linux - Software 5 07-20-2004 06:00 PM
RSA public key encryption/private key decription koningshoed Linux - Security 1 08-08-2002 07:25 AM


All times are GMT -5. The time now is 05:35 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration