Re: Untrusted Source
On Wed, 10 Oct 2007 16:11:13 -0700
Andrew Sackville-West <andrew@farwestbilliards.com> wrote:
> On Wed, Oct 10, 2007 at 06:38:36PM -0400, Douglas A. Tutty wrote:
> > On Wed, Oct 10, 2007 at 03:31:16PM -0700, Raquel wrote:
> > > I'm wanting to install a package from outside Debian, Symfony.
> > > It's
> > > a PHP framework. However, I got scared because of all the
> > > warnings that aptitude showed me. Do I really need to be
> > > careful of installing something like this?
> >
> > Since you haven't told apt that you trust this source, then yes.
> > You
> > always have to be careful installing something from an untrusted
> > source. I've never heard of Symfony but then I don't do PHP.
> >
> > Do you trust the souce for Symfony? Does its repository have an
> > apt keyring? If you trust it, install the keyring and then apt
> > will trust it.
>
> but be sure to verify the keys on that keyring.
>
> Raquel - aptitude showed you those warnings because it couldn't
> verify the signatures on the package you were trying to install,
> if there were any signatures at all. If you aren't equipped with
> the skills to verify to your own satisfaction the safety of a
> package, then you should stick with debian packages and not move
> outside that.
>
> A
>
Another thought. This same piece of software can be installed via a
*.tgz file and it can be installed using Pear. Maybe one of those
methods would be better.
--
Raquel
============================================================
This above all: to thine own self be true; And it must follow, as
the night the day; Thou canst not then be false to any man.
--William Shakespeare, (Hamlet)
Reply to: