LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page How concerned should I be about Mepis not authenticating standard repositories?
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 10-18-2006, 10:37 PM   #1
Mountain Man
Member
 
Registered: Jul 2006
Distribution: Ubuntu 11.10 (desktop), lubuntu 11.10 (netbook)
Posts: 73

Rep: Reputation: 15
How concerned should I be about Mepis not authenticating standard repositories?

I recently started using SimplyMepis (latest, V 6.1 I think), and am really impressed. However, when I use Synaptic to add software I always get a warning that the packages can't be authenticated. I searched on this and found a thread on the mepis lovers forum about it. In general they don't seem too worried about it, and it sounds like this is not a "bug", but that the distro doesn't use authentication. However, there are are pointers and a link to a debian article showing how to manually add the keys yourself.

I'm very tempted to not worry any further about this since I am only using the repositories that were activated by default. Am I wearing rose colored glasses here?
 
Old 10-20-2006, 06:59 AM   #2
huibert.alblas
Member
 
Registered: Jan 2004
Location: Duesseldorf /Germany
Distribution: Gentoo amd64 / Debian
Posts: 226

Rep: Reputation: 30
Hi,

these keys are there for a reason:
It is to make sure that your Synaptic / Updater Software only installs known good software.
This also means that you are using an authenticated repository and that the signature is still valid.

If you chosse to ignore these warnings there is a slight chance that you get forged installtion packages.

As allways, it is your choise.
Importing the keys, may seem a litle bit difficult, but is sure is the best way.



Fundamental Thruth in IT:
"Fast, easy, secure.
Choose any two out of three."


Happy Hacking

Huibert
 
Old 10-20-2006, 04:49 PM   #3
Mountain Man
Member
 
Registered: Jul 2006
Distribution: Ubuntu 11.10 (desktop), lubuntu 11.10 (netbook)
Posts: 73

Original Poster
Rep: Reputation: 15
Thanks Huibert

You have convinced me. I'll spend some time on this over the weekend.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
broken MEPIS after update, looking for new "stable" repositories - any ideas? lefty.crupps MEPIS 5 09-29-2005 04:21 PM
Does MEPIS use straight up Debian repositories? Erik_the_Red MEPIS 1 06-05-2005 05:33 PM
Should I be concerned? LinuxBAH Linux - Security 8 02-07-2004 12:24 PM
should i be concerned Zaius Linux - Newbie 3 01-26-2004 02:40 PM
standard vs Expert install? Standard flubs up! Frost Linux - Software 1 03-27-2002 07:55 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:31 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration