Comment 3 for bug 1912526

Christian Rauch (christianrauch) wrote :

It's in the latest Ubuntu LTS and will stay there until 2025. If it is legacy and deprecated, maybe it should have been removed?

In its current state, this apt-key issue has some security implications:

First, the Ubuntu update GUI is not very intuitive in handling this issue. It presents the user only with a message that there is a connection issue, which is not true in this case. The options then are to "try again", which will never resolve an issue with unsigned repos, or to acknowledge the issue with "Ok". This can be confusing, as the "Ok" does not indicate that updates can still be installed. A user might just close the dialog and never install additional updates. The update manager should just install all updates available and not bother the user with unintuitive choices.

Second, even if you manage to decipher the update manager GUI, you will still be left with a browser (e.g. Google Chrome in the example above) that will never be updated. This means in the worst case that someone is using a browser on Ubuntu LTS that gathered 5 years of security issues.