Question

5

Should I install unsigned packages?

rated 0 times [ 5] [ 0] / answers: 1 / hits: 2166 / 1 Year ago, mon, february 20, 2023, 11:33:00

Yesterday when I tried to update packages, I received a message asking me if I want to install an unsigned package. I clicked no and stopped the update.

Today I updated all packages without the message.

So, what are unsigned packages and should I install them?

I've done a sudo apt-get update to update the package lists and I still get the error

I am not using any PPAs

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

icielight

Add To Favorites

Follow

Total Points: 158

Total Questions: 92

Total Answers: 93

Location: San Marino

Member since Thu, Jun 30, 2022

2 Years ago

icielight questions

1 How to use special characters as user input

Thu, Feb 24, 22, 00:24, 2 Years ago

1 Ubuntu 20.10 freezes when downloading torrent / watching youtube / using VLC

Sat, Oct 15, 22, 10:59, 2 Years ago

1 Disabling AMD's equivalent (on a Zen-1 Epyc) of Intel's "turbo boost" at runtime?

Thu, Mar 24, 22, 06:45, 2 Years ago

1 Fixing bad sectors of a hard drive

Mon, Jul 5, 21, 20:25, 3 Years ago

1 How to solve the error "Unable to locate package libuhd003" for ubuntu 20.04?

Wed, Jun 15, 22, 20:33, 2 Years ago

View All

answered 1 Year ago antorchestr · Accepted Answer

You should NOT trust unsigned packages. From a security standpoint, a signed package means that the person who made it used a PGP key that is owned by them to say "I created this package, and I verify its authenticity!" Unsigned packages are risky because you have no idea who the developer is (while you do with signed packages).

The other issue with updating is that if you use a PPA, it may be reading packages as unsigned if the PGP keys that originally signed them are not being downloaded, in which case you should make sure that you can connect to keyservers and make sure that the signee of the package has a key in the Ubuntu keyservers.