[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qubes-users
Subject:    Re: [qubes-users] Potential Accidental Install of Unsigned Package
From:       "'awokd' via qubes-users" <qubes-users () googlegroups ! com>
Date:       2020-10-27 23:15:08
Message-ID: a15600bc-54f0-cdbe-2aa4-6debc0ce3a40 () danwin1210 ! me
[Download RAW message or body]

'Yiyi50' via qubes-users:
> I'm running qubes 4.0 on a Purism Librem 13 v4. I've installed updates for my \
> templates without necessarily reading everything in the terminal before clicking \
> "y". How concerned should I be of having inadvertently installed an unsigned \
> package? Is there a command i can run to check the signatures on all my installed \
> packages? I should mention that I'm relatively new to linux and qubes. How common \
> is the installation of unsigned packages in Fedora or Debian? Does the qubes team \
> audit/review all template updates? 
If you haven't gone out of your way to add repos to your templates, you
would be using the default repos, which require signed packages. Your
chances are basically nil. No-one from Qubes audits updates that are not
from Qubes (with the possible exception here or there for security
critical ones like Xen); that is up to the maintainers of packages in
each distribution (Fedora/Debian).

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups \
"qubes-users" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-users+unsubscribe@googlegroups.com. To view this \
discussion on the web visit \
https://groups.google.com/d/msgid/qubes-users/a15600bc-54f0-cdbe-2aa4-6debc0ce3a40%40danwin1210.me.



[prev in list] [next in list] [prev in thread] [next in thread]