repository is not signed

Bug #312681 reported by Kamil Páral
This bug affects 1 person
Affects: Shutter
Status: Fix Released
Importance: Medium
Assigned to: Mario Kemper (Romario)

Bug Description

GScrot repository is not signed with a PGP key. If it is, there is no information about it at:
https://launchpad.net/~gscrot/+archive
nor at:
https://answers.launchpad.net/gscrot/+faq/275

The download page should mention which key is used to sign the packages and how to add them to the system.

Every time there is an upgrade to GScrot, the package manager warns the user that GScrot is an unsigned and therefore potentially dangerous package. It is true, someone may hack into your repository and replace the packages with his own. If you want to ensure people's trust, you have to sign your package. It is absolutely necessary for large-spread packages like GScrot.

Please sign your repository and give us information about that on the download page. Thank you.
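
What the unsigned-repository warning in the report above is about, as an added example (not part of the original report and not GScrot or Launchpad code): in an apt archive the .deb is tied to the Packages index and the Packages index to the Release file by SHA-256, and the PGP signature covers only Release. The sketch checks that hash chain on constructed data; the paths, package bytes and helper names are assumptions, and signature verification itself is not performed.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_indices(deb_name: str, deb: bytes):
    """Build minimal Packages and Release indices for one package (constructed data)."""
    packages = (f"Package: gscrot\nFilename: {deb_name}\n"
                f"Size: {len(deb)}\nSHA256: {sha256(deb)}\n").encode()
    release = (f"Suite: example\nSHA256:\n"
               f" {sha256(packages)} {len(packages)} main/binary-i386/Packages\n")
    return packages, release

def release_hashes(release: str) -> dict:
    """Parse the 'SHA256:' section of a Release file into {path: hash}."""
    hashes, in_section = {}, False
    for line in release.splitlines():
        if line.startswith("SHA256:"):
            in_section = True
        elif in_section and line.startswith(" "):
            digest, _size, path = line.split()
            hashes[path] = digest
        else:
            in_section = False
    return hashes

def packages_hash(packages: bytes, deb_name: str):
    """Return the SHA256 recorded for deb_name in a Packages index, or None."""
    for stanza in packages.decode().split("\n\n"):
        fields = dict(l.split(": ", 1) for l in stanza.splitlines() if ": " in l)
        if fields.get("Filename") == deb_name:
            return fields.get("SHA256")
    return None

def chain_ok(release, packages, deb_name, deb,
             index_path="main/binary-i386/Packages"):
    """Check Release -> Packages -> .deb by hash only (no signature check)."""
    return (release_hashes(release).get(index_path) == sha256(packages)
            and packages_hash(packages, deb_name) == sha256(deb))

DEB_NAME = "pool/main/g/gscrot/gscrot_0.0_all.deb"   # constructed path
GOOD = b"original package bytes"                     # constructed content
EVIL = b"replaced package bytes"                     # constructed content
PACKAGES, RELEASE = build_indices(DEB_NAME, GOOD)
EVIL_PACKAGES, EVIL_RELEASE = build_indices(DEB_NAME, EVIL)
```

With the original indices a replaced package fails the check, but indices regenerated alongside the replacement pass it; only a signature on Release, made with a key the client already trusts, tells the two archives apart.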

Rene Hennig (shifty) wrote : Re: [Bug 312681] [NEW] repository is not signed

This is a global bug by Launchpad - not from GScrot.
Sorry!

Greets - shifty

Kamil Páral wrote:
> *** This bug is a security vulnerability ***
>
> Public security bug reported:
>
> GScrot repository is not signed with a PGP key. If it is, there is no information about it at:
> https://launchpad.net/~gscrot/+archive
> nor at:
> https://answers.launchpad.net/gscrot/+faq/275
>
> The download page should mention which key is used to sign the packages
> and how to add them to the system.
>
> Every time there is an upgrade to GScrot, the package manager warns the
> user that GScrot is an unsigned and therefore potentially dangerous
> package. It is true, someone may hack into your repository and replace
> the packages with his own. If you want to ensure people's trust, you
> have to sign your package. It is absolutely necessary for large-spread
> packages like GScrot.
>
> Please sign your repository and give us information about that on the
> download page. Thank you.
>
> ** Affects: gscrot
> Importance: Undecided
> Status: New
>
> ** Visibility changed to: Public
>

Kamil Páral (kamil.paral) wrote :

What do you mean? Launchpad does not allow signing its repositories? Can you post a link to the relevant bug?

Rene Hennig (shifty) wrote : Re: [Bug 312681] Re: repository is not signed

https://bugs.launchpad.net/soyuz/+bug/125103

It's not a bug fix, but a bad workaround ...

Mario Kemper (Romario) (mario-kemper) wrote :

Hello Kamil,

here is some more information about this topic:

http://brainstorm.ubuntu.com/idea/11810/

There seems to be a solution available in the near future as described here:
http://news.launchpad.net/general/preparing-for-signed-ppas

I'll sign the repository as soon as it is available. Thanks.

Greetings
Mario

Kamil Páral (kamil.paral) wrote :

Didn't know this. Thanks for the info.

Mario Kemper (Romario) (mario-kemper) wrote :

I'll keep this one open. Just as a reminder...

Changed in gscrot:
assignee: nobody → mario-kemper
importance: Undecided → Medium
status: New → Confirmed
Changed in gscrot:
status: Confirmed → In Progress
Mario Kemper (Romario) (mario-kemper) wrote :

Repos at Launchpad are signed now. Next packages (shutter 0.70) will be signed.

Changed in shutter:
milestone: none → 0.70
Changed in shutter:
status: In Progress → Fix Released
Mario Kemper (Romario) (mario-kemper) wrote :

This one is generally fixed but please don't close this bug until new shutter packages are available (we are currently working on this).

Changed in shutter:
status: Fix Released → In Progress
Vadim Peretokin (vperetokin) wrote :
Changed in shutter:
status: In Progress → Fix Released
This report contains Public Security information  
Everyone can see this security related information.