12 May
2015
12 May
'15
3:32 a.m.
Ken in Debian and its derivatives keys are a security feature that
indicates the signer of the key is the person or organisation who packages
what you are downloading. If you install packages without a key it could be
suggested you don't know who packaged it or if it has been modified from
the original package.
Lisi is correct in her statement "safety is as safety does" in that if you
are happy to download packages you believe are packaged by Slavek or Tim or
anyone else involved with Trinity without a signed key to check it against
then you take it upon yourself to ensure the package is what it is supposed
to be. If you want the extra layer of security then it is always wise to
have the key and let apt do its job confirming the package against the key
for the person or organisation that packaged it.
On 12 May 2015 at 12:52, Ken Heard <kenslists(a)teksavvy.com> wrote:
On 2015-05-11 17:17, Lisi Reisz wrote:
<snip
It is safe to download files from http://mirror.xcer.cx/trinity-sb
Lisi I am confused. Are you recommending against downloading packages
without authentication or using a preliminary stable build of TDE R14.0.1
-- or both?
The problem is ongoing, it turns out, and the problem lies with the
With this key server I was able to download the key I needed. Thank you
Lisi and Slávek.
Regards, Ken
---------------------------------------------------------------------
To unsubscribe, e-mail:
trinity-users-unsubscribe(a)lists.pearsoncomputing.net
For additional commands, e-mail:
trinity-users-help(a)lists.pearsoncomputing.net
Read list messages on the web archive:
http://trinity-users.pearsoncomputing.net/
Please remember not to top-post:
http://trinity.pearsoncomputing.net/mailing_lists/#top-posting
without
authentication?
Safety is as as safety does. I have done it! But would not recommend
it to
anyone else.
server.
Alternative servers suggested by Slávek earlier in this thread:
keys.gnupg.net