The risks may be small, but last year the openssh project site (I think
it was openssh) was hacked and a malicious .tar.gz file was substituted
in the download area. It was about a week before anyone noticed.
To put someones gpg identity on your key ring. Download their public key
which
Hello eric,
Monday, June 2, 2003, 11:20:10 PM, you wrote:
eh I asked the same ? and a couple people said not to worry about it if it was
eh from one of the known/respected sites. I guess it would depend on just
eh how paranoid you are
I have a large amount of valuable-to-me info on my
Hello,
I downloaded sylpheed from a contrib mirror, and during the install I
get a message 'No GPG signature in package'. Does this imply a
security risk in installing the package? I didn't get this in 9.0. Is
this a new check in 9.1 or is the package really different?
Thanks.
--
Best regards,
I asked the same ? and a couple people said not to worry about it if it was
from one of the known/respected sites. I guess it would depend on just
how paranoid you are
If the sig is borked (ie you actually did download the key, the package has
one, *and* you get an error) that might be a
On Mon, 2 Jun 2003 22:34:12 -0700
rikona [EMAIL PROTECTED] wrote:
I downloaded sylpheed from a contrib mirror, and during the install I
get a message 'No GPG signature in package'. Does this imply a
security risk in installing the package? I didn't get this in 9.0. Is
this a new check in 9.1