repository is not signed
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu Tweak | Fix Released | Medium | Ding Zhou | | |
Bug Description
Ubuntu Tweak repository is not signed with a PGP key. If it is, there is no information about it at:
http://
The download page should mention which key is used to sign the packages and how to add them to the system.
Every time there is an upgrade to Ubuntu Tweak, the package manager warns the user that Ubuntu Tweak is an unsigned and therefore potentially dangerous package. It is true, someone may hack into your repository and replace the packages with his own. If you want to ensure people's trust, you have to sign your package. It is absolutely necessary for large-spread packages like Ubuntu Tweak.
Please sign your repository and give us information about that on your webpage. Thank you.
Changed in ubuntu-tweak:
status: Confirmed → Fix Released
Confirmed. Thanks!
I'll mention how to import the key.