On Tue, Aug 21, 2012 at 2:56 AM, Paul Wise
<pabs@debian.org> wrote:
Hi,
I note that the apt repository registered for Tucunaré in the Debian
derivatives census[1] does not have any GPG signatures on it. As such,
it opens any machine running Tucunaré to the possibility of arbitrary
code execution when the machine is upgraded or when software is
installed. I would encourage you to sign the apt repository metadata and
warn your users that they need to update their systems. If the
sources.list snippet registered on the wiki page is incorrect, please
update it to the correct version.
1. http://wiki.debian.org/Derivatives/Census/Tucunare
--
bye,
pabs
http://wiki.debian.org/PaulWise