repository is not signed
Bug #312175 reported by
Kamil Páral
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Ubuntu Tweak |
Fix Released
|
Medium
|
Ding Zhou | ||
Bug Description
Ubuntu Tweak repository is not signed with a PGP key. If it is, there is no information about it at:
http://
The download page should mention which key is used to sign the packages and how to add them to the system.
Every time there is an upgrade to Ubuntu Tweak, the package managers warns the user that Ubuntu Tweak is an unsigned and therefore potentially dangerous package. It is true, someone may hack into your repository and replace the packages with his own. If you want to ensure people's trust, you have to sign your package. It is absolutely necessary for large-spread packages like Ubuntu Tweak.
Please sign your repository and give us information about that on your webpage. Thank you.
Revision history for this message
| Ding Zhou (tualatrix) wrote | #1 |
| Changed in ubuntu-tweak: | |
| assignee: | nobody → tualatrix |
| importance: | Undecided → Medium |
| milestone: | none → 0.4.5 |
| status: | New → Fix Committed |
| status: | Fix Committed → Confirmed |
Revision history for this message
| Kamil Páral (kamil.paral) wrote | #2 |
| Changed in ubuntu-tweak: | |
| status: | Confirmed → Fix Released |
To post a comment you must log in.
Confirmed. Thanks!
I'll metion how to import the key.