2007-07-10 18:56:50 |
Reinhard Tartler |
bug |
|
|
added bug |
2007-07-24 15:35:03 |
Celso Providelo |
soyuz: status |
New |
Confirmed |
|
2007-07-24 15:35:03 |
Celso Providelo |
soyuz: importance |
Undecided |
High |
|
2007-07-24 15:35:03 |
Celso Providelo |
soyuz: statusexplanation |
|
|
|
2007-08-02 19:19:43 |
Christian Reis |
soyuz: statusexplanation |
|
Postponing for now, because I'd like us to have a bit more feedback on what is the right thing to do here. I spoke to Reinhard today and he pointed out an interesting issue that adds to this: if the PPA is unsigned, it becomes impossible to use it in a non-interactive session, because apt will force you to acknowledge the risk by typing "yes" when you install packages. This does reduce the benefit of a PPA for situations in which you want to use it in a testbed. |
|
2007-08-31 12:48:19 |
Dave Walker |
bug |
|
|
added attachment 'mirror_repository.sh' (Mirror & Sign Script) |
2007-10-25 01:21:10 |
Christian Reis |
soyuz: milestone |
1.1.11 |
1.2.1 |
|
2008-01-02 11:19:46 |
Julian Edwards |
soyuz: milestone |
1.2.1 |
1.2.2 |
|
2008-01-28 18:13:27 |
Celso Providelo |
soyuz: assignee |
|
cprov |
|
2008-02-09 12:48:36 |
Celso Providelo |
soyuz: milestone |
1.2.2 |
|
|
2008-03-04 03:50:13 |
Mantas Kriaučiūnas |
bug |
|
|
added subscriber Baltix Members |
2008-03-04 03:56:13 |
Mantas Kriaučiūnas |
bug |
|
|
assigned to baltix |
2008-04-15 05:14:11 |
Martin Pool |
bug |
|
|
added attachment '2008-04-15-151328_498x411_scrot.png' (2008-04-15-151328_498x411_scrot.png) |
2008-05-03 23:31:37 |
alsuren |
description |
The Package indices on the ppa archives are not signed at all, which causes warnings while installing packages.
Ideally, there could be an per user/group archive key (generated and managed by launchpad). |
The Package indices on the ppa archives are not signed at all, which causes warnings while installing packages.
Ideally, there should be an per user/group archive key (generated and managed by launchpad). This way, the user can trust individual packagers/teams reliably. Please read comments to see why having a single global PPA key might let a malicious attacker install arbitrary software on the user's machine by DNS spoofing. |
|
2008-07-11 12:22:11 |
Hugo Josefson |
bug |
|
|
added subscriber Mario Boikov |
2008-09-03 10:51:18 |
Julian Edwards |
soyuz: milestone |
|
2.1.10 |
|
2008-10-07 08:43:48 |
Julian Edwards |
soyuz: milestone |
2.1.10 |
2.1.11 |
|
2008-10-23 21:00:06 |
Mario Limonciello |
bug |
|
|
added subscriber The Dell Team |
2008-11-22 01:02:07 |
Celso Providelo |
soyuz: status |
Confirmed |
In Progress |
|
2008-11-24 10:54:38 |
Julian Edwards |
soyuz: milestone |
2.1.11 |
2.1.12 |
|
2008-12-06 00:35:39 |
Celso Providelo |
soyuz: status |
In Progress |
Fix Committed |
|
2008-12-06 00:35:39 |
Celso Providelo |
soyuz: statusexplanation |
|
RF 7399 has the last changes required to complete https://dev.launchpad.net/SoyuzSignedArchives. |
|
2008-12-18 02:33:17 |
Celso Providelo |
soyuz: status |
Fix Committed |
Fix Released |
|
2008-12-18 02:33:17 |
Celso Providelo |
soyuz: statusexplanation |
RF 7399 has the last changes required to complete https://dev.launchpad.net/SoyuzSignedArchives. |
PPA signing key generation infrastructure is available in production and my PPA is already using one. We are depending on some hardware rearrangement for being able to generate all (1k8) keys needed. That will be done soon.
There was only a small issue with the signing key UID format we use, please follow up on bug #309202. |
|
2009-01-02 10:55:21 |
Milan Bouchet-Valat |
None: status |
New |
Invalid |
|
2009-01-02 10:55:21 |
Milan Bouchet-Valat |
None: statusexplanation |
|
|
|
2010-02-12 13:32:07 |
Deivy Armand Hugon |
soyuz: status |
Fix Released |
Fix Committed |
|
2010-02-12 13:44:14 |
Julian Edwards |
soyuz: status |
Fix Committed |
Fix Released |
|
2010-02-12 13:53:27 |
Jani Monoses |
removed subscriber Jani Monoses |
|
|
|
2010-02-12 16:32:34 |
Scott Wegner |
removed subscriber Scott Wegner |
|
|
|