synaptic

[DrHu]

just a querry...whenever i install certain packages from synaptic i usally get a warning as it relates to safety

What is the message you get..
http://www.mepislovers.org/forums/archi ... t-581.html

If its just about the unauthenticated packages and it is the Ubuntu/Mint repositories, you are probably fairly safe
--even if the developer has not digitally signed the package so that it could be authenticated
the difference between an http and an https connection..
also binary packages.. likely will be unauthenticated, like nvidia or Ati video drivers, nic drivers sound card drivers, that kind of item..

There are quite a lot of unauthenticated packages, since not everyone wants to sign or is maybe not aware of the recent idea that authenticating packages is a good public policy idea..

[DrHu]

so the packages in synaptic are 100% safe then? was just wondering why i was getting those alerts

I don't think anyone can say that, it would be irrational.

You might want to know that there seems to be only one 100% guarantee in life; death and taxes..

[emorrp1]

it's safe enough that you don't have to worry about it. Given that there are tens of thousands of packages available, and there might be only a few that were bad, I'd say 100% to 3 significant figures.

[Fred]

everton,

Programs in the repos are vetted by Ubuntu developers, before that they are vetted by the Debian developers, and before that by the projects that wrote them. In the general scheme of things you are less likely to get tainted programs from the official repos than any other source.

The warning you are getting just says that you don't have the pgp key to verify that you are downloading from a given repo.

Fred

[turkka]

The warning you are getting just says that you don't have the pgp key to verify that you are downloading from a given repo.

Fred

Ok, but will these programs be updated when an update is available or is the pgp key required to do that?

-- Just wondering...