Welcome to the most active Linux Forum on the web.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 10-18-2006, 10:37 PM   #1
Mountain Man
Registered: Jul 2006
Distribution: Ubuntu 11.10 (desktop), lubuntu 11.10 (netbook)
Posts: 73

Rep: Reputation: 15
How concerned should I be about Mepis not authenticating standard repositories?

I recently started using SimplyMepis (latest, V 6.1 I think), and am really impressed. However, when I use Synaptic to add software I always get a warning that the packages can't be authenticated. I searched on this and found a thread on the mepis lovers forum about it. In general they don't seem too worried about it, and it sounds like this is not a "bug", but that the distro doesn't use authentication. However, there are are pointers and a link to a debian article showing how to manually add the keys yourself.

I'm very tempted to not worry any further about this since I am only using the repositories that were activated by default. Am I wearing rose colored glasses here?
Old 10-20-2006, 06:59 AM   #2
Registered: Jan 2004
Location: Duesseldorf /Germany
Distribution: Gentoo amd64 / Debian
Posts: 226

Rep: Reputation: 30

these keys are there for a reason:
It is to make sure that your Synaptic / Updater Software only installs known good software.
This also means that you are using an authenticated repository and that the signature is still valid.

If you chosse to ignore these warnings there is a slight chance that you get forged installtion packages.

As allways, it is your choise.
Importing the keys, may seem a litle bit difficult, but is sure is the best way.

Fundamental Thruth in IT:
"Fast, easy, secure.
Choose any two out of three."

Happy Hacking

Old 10-20-2006, 04:49 PM   #3
Mountain Man
Registered: Jul 2006
Distribution: Ubuntu 11.10 (desktop), lubuntu 11.10 (netbook)
Posts: 73

Original Poster
Rep: Reputation: 15
Thanks Huibert

You have convinced me. I'll spend some time on this over the weekend.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
broken MEPIS after update, looking for new "stable" repositories - any ideas? lefty.crupps MEPIS 5 09-29-2005 04:21 PM
Does MEPIS use straight up Debian repositories? Erik_the_Red MEPIS 1 06-05-2005 05:33 PM
Should I be concerned? LinuxBAH Linux - Security 8 02-07-2004 12:24 PM
should i be concerned Zaius Linux - Newbie 3 01-26-2004 02:40 PM
standard vs Expert install? Standard flubs up! Frost Linux - Software 1 03-27-2002 07:55 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:30 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration