Re[2]: [newbie] No GPG signature?
Hello eric,

Monday, June 2, 2003, 11:20:10 PM, you wrote:

eh> I asked the same ? and a couple people said not to worry about it if it was
eh> from one of the "known/respected" sites. I guess it would depend on just
eh> how paranoid you are

I have a large amount of valuable-to-me info on my local net. I was also a victim of identity theft - a terrible experience. My paranoia index is QUITE high!

Hello Charles,

Tuesday, June 3, 2003, 5:53:18 AM, you wrote:

CAE> Normally, since Contrib is not 'officially' maintained
CAE> some/many/most Contrib rpms are not signed.

I think this was what the MD install was complaining about.

CAE> I did the sylpheed-claws rpms and I believe that Lenny did the one for
CAE> 'plain' sylpheed.

Thanks for your contribution.

Hello Derek,

Tuesday, June 3, 2003, 2:44:40 AM, you wrote:

DJ> If the package is coming from a 'respectable' site, then the risk
DJ> is small.

OK - I'll install it and hope for the best. :-)

--
Thank you,
rikona mailto:[EMAIL PROTECTED]

Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] No GPG signature?
> The risks may be small, but last year the openssh project site (I think
> it was openssh) was hacked and a malicious .tar.gz file was substituted
> in the download area. It was about a week before anyone noticed.
>
> To put someone's gpg identity on your key ring. Download their public key
> which you will find somewhere on their download site and in a root
> terminal enter 'gpg --import key_file_name'

The problem is often that the rpms aren't signed to begin with...
Re: [newbie] No GPG signature?
On Mon, 2 Jun 2003 22:34:12 -0700 rikona <[EMAIL PROTECTED]> wrote:

> I downloaded sylpheed from a contrib mirror, and during the install I
> get a message 'No GPG signature in package'. Does this imply a
> security risk in installing the package? I didn't get this in 9.0. Is
> this a new check in 9.1 or is the package really different?

Normally, since Contrib is not 'officially' maintained some/many/most Contrib rpms are not signed.

I did the sylpheed-claws rpms and I believe that Lenny did the one for 'plain' sylpheed.

Charles

--
The best portion of a good man's life, his little, nameless, unremembered acts of kindness and love.
-- Wordsworth
- Mandrake Linux 9.2 on PurpleDragon Kernel-enterprise-2.4.21.0rc1.1mdk -

pgp0.pgp Description: PGP signature
Re: [newbie] No GPG signature?
I asked the same ? and a couple people said not to worry about it if it was from one of the "known/respected" sites. I guess it would depend on just how paranoid you are

If the sig is borked (ie you actually did download the key, the package has one, *and* you get an error) that might be a problem.

eric

On Mon June 2 2003 10:34 pm, rikona wrote:

> I downloaded sylpheed from a contrib mirror, and during the install I
> get a message 'No GPG signature in package'. Does this imply a
> security risk in installing the package? I didn't get this in 9.0. Is
> this a new check in 9.1 or is the package really different?
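
The cases this message separates (a package with no signature, a signature that cannot be checked for lack of the key, and a signature that fails) can be told apart from the output of `rpm --checksig`. The following is an added example, not part of the original thread: the sample lines, package names and key id are constructed, and the line formats are assumed to be those printed by rpm 4.x; other versions may word them differently.

```shell
#!/bin/sh
# Classify one result line from `rpm --checksig <package>` (also spelled `rpm -K`).
# Assumed format (rpm 4.x): lowercase names mean that check passed; a line
# with no signature name at all means only digests were checked.
classify_checksig() {
    result=${1#*: }                # drop the leading "<file>: "
    case $result in
        *"MISSING KEYS"*) echo missing-key ;;   # signed, but no public key to check it with
        *"NOT OK"*)       echo bad ;;           # a signature or digest check failed
        *OK)
            case $result in
                *gpg*|*pgp*|*dsa*|*rsa*|*signatures*) echo signed-ok ;;
                *) echo unsigned ;;             # digests only: integrity, not authenticity
            esac ;;
        *) echo unknown ;;
    esac
}

# Map a state to what the person installing the package should do next.
advise() {
    case $1 in
        signed-ok)   echo "signature verified against a key you imported" ;;
        unsigned)    echo "no signature: trust rests on where the file came from" ;;
        missing-key) echo "import the packager's public key, then check again" ;;
        bad)         echo "do not install: verification failed" ;;
        *)           echo "unrecognised output: check by hand" ;;
    esac
}

# Constructed sample lines (hypothetical package names and key id).
samples='example-signed-1.0-1.i586.rpm: (sha1) dsa sha1 md5 gpg OK
example-contrib-1.0-1.i586.rpm: sha1 md5 OK
example-nokey-1.0-1.i586.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#00000000)
example-tampered-1.0-1.i586.rpm: (sha1) dsa sha1 MD5 GPG NOT OK'

printf '%s\n' "$samples" | while IFS= read -r line; do
    state=$(classify_checksig "$line")
    printf '%-12s %s\n' "$state" "$(advise "$state")"
done
```

An unsigned package still passes its digest checks, which only shows the download is not corrupted; it says nothing about who built it.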
[newbie] No GPG signature?
Hello,

I downloaded sylpheed from a contrib mirror, and during the install I get a message 'No GPG signature in package'. Does this imply a security risk in installing the package? I didn't get this in 9.0. Is this a new check in 9.1 or is the package really different?

Thanks.

--
Best regards,
rikona mailto:[EMAIL PROTECTED]