[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Package Signatures

Lukas Ruf wrote:
> - how do the power users of Debian react in such situations?  Do you
>   continue with the apt-get upgrade or do you skip it?

That really depends on the machine to some extent. The message you
quoted could occur if someone has compromised the mirror and is trying
to provide trojaned packages, so if I care about the security of the
machine I don't do anything until I've checked whether I can trust the
key. If it's some one-off or unimportant machine, I might say "y" and
assume that if it's a real compromise someone else will notice it and a
large stink will eventually be raised about the security breach.

see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to: