[Bug 256245] Re: Kubuntu GUI package manager does not warn if packages are unsigned
Bug Watch Updater
256245 at bugs.launchpad.net
Sat Sep 21 17:02:42 UTC 2013
Launchpad has imported 3 comments from the remote bug at
https://bugs.kde.org/show_bug.cgi?id=169190.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.
------------------------------------------------------------------------
On 2008-08-15T18:15:44+00:00 Kde-gj5 wrote:
Version: (using KDE 3.5.9)
Installed from: Ubuntu Packages
OS: Linux
Generally other package managers (e.g apt or synaptic) warn the user if
packages are unsigned. While this might have at one point been a nice to
have feature, in the current era of DNS cache poisoning attacks package
signatures are the only guarantee we have that the package being
installed is authentic. This is essential.
In the past, I would have categorized this as a wish, but no longer.
Reply at:
https://bugs.launchpad.net/ubuntu/+source/adept/+bug/256245/comments/2
------------------------------------------------------------------------
On 2008-08-15T18:21:04+00:00 mornfall wrote:
The possibility of attack has been roughly the same, DNS poisoning or
not. I don't think the risk is nowadays any higher than it's been a few
years ago. (Really, do you know how efficient are http certificate
warnings? Below 1 %, at least that's a quote from a private study
evaluating man-in-the-middle attacks against https. Sad, I know. But
users generally just ignore security warnings. I have no idea why,
really.)
Reply at:
https://bugs.launchpad.net/ubuntu/+source/adept/+bug/256245/comments/3
------------------------------------------------------------------------
On 2013-09-21T04:44:18+00:00 adaptee wrote:
Adept has been in the unmaintained state for a few years. Use muon[1]
as replacement .
[1] https://launchpad.net/muon
Reply at:
https://bugs.launchpad.net/ubuntu/+source/adept/+bug/256245/comments/21
** Changed in: adeptmgr
Status: Confirmed => Unknown
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to packagekit in Ubuntu.
https://bugs.launchpad.net/bugs/256245
Title:
Kubuntu GUI package manager does not warn if packages are unsigned
Status in Adept Manager:
Unknown
Status in Release Notes for Ubuntu:
Fix Released
Status in “adept” package in Ubuntu:
Won't Fix
Status in “kpackagekit” package in Ubuntu:
Fix Released
Status in “packagekit” package in Ubuntu:
Fix Released
Status in “adept” source package in Karmic:
Won't Fix
Status in “kpackagekit” source package in Karmic:
Won't Fix
Status in “packagekit” source package in Karmic:
Fix Released
Bug description:
Binary package hint: adept
Generally other package managers (e.g apt or synaptic) warn the user
if packages are unsigned. While this might have at one point been a
nice to have feature, in the current era of DNS cache poisoning
attacks package signatures are the only guarantee we have that the
package being installed is authentic. This is essential.
To manage notifications about this bug go to:
https://bugs.launchpad.net/adeptmgr/+bug/256245/+subscriptions
More information about the foundations-bugs
mailing list