[CoLoCo] Possibly Stupid Ubuntu Question

Ringo

Dec 5, 2009, 5:37:53 PM
to ubuntu...@lists.ubuntu.com

Hey Ubunteros,

I have a quick question. I have the main Ubuntu repositories enabled as
well as some third party ones for other software I have. All of them use
PGP signatures to verify the downloads.

When Ubuntu looks for upgrades, one could theoretically put a backdoored
version of an upgrade (with a higher than possible version number) in
one of these third party repositories (or the community repos). If I
originally installed software from the official Ubuntu repos, is it
possible that apt would upgrade from a non-official one? If so, how
could I stop this and/or is there a way to see in Synaptic/other
programs where the upgrades are coming from?

Thanks,
Ringo

--
Ubuntu-us-co mailing list
Ubuntu...@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-us-co

Kevin Fries

Dec 5, 2009, 5:51:13 PM
to Ubuntu Colorado Local Community Team
Ringo,

Apt will indeed upgrade from a third-party repo if it is labeled as a newer version. This is on purpose. To stop that behavior, google "debian apt pinning". I am not at my desk, so I can't check that exact search, but it should get you on the right path.

HTH
Kevin
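
One way to act on the pinning advice and to see where a candidate upgrade comes from (an added example, not part of either post): `candidate_sources` parses `apt-cache policy` output and `pin_stanza` prints an entry for `/etc/apt/preferences`. The package `examplepkg`, the host `repo.example.org`, the versions and the trusted-host list are constructed assumptions.

```shell
#!/bin/sh
# Constructed `apt-cache policy` output for a hypothetical package and
# third-party host; $1 = candidate version, $2 = third-party pin priority.
sample_policy() {
    cat <<EOF
examplepkg:
  Installed: 1.0-1ubuntu1
  Candidate: $1
  Version table:
     99.0-1 0
        $2 http://repo.example.org karmic/main Packages
 *** 1.0-1ubuntu1 0
        500 http://archive.ubuntu.com karmic/main Packages
        100 /var/lib/dpkg/status
EOF
}

# Read `apt-cache policy PKG` on stdin; print each source of the candidate version.
candidate_sources() {
    awk '
        $1 == "Candidate:"      { cand = $2; next }
        /^  Version table:/     { in_table = 1; next }
        !in_table               { next }
        /^ \*\*\* /             { cur = $2; next }   # installed version line
        /^     [^ ]/            { cur = $1; next }   # other version line
        /^        [^ ]/ && cur == cand { print $2 }  # source line: URL or path
    '
}

# Succeed if the candidate is offered by a host in TRUSTED_HOSTS (assumed list).
TRUSTED_HOSTS="archive.ubuntu.com security.ubuntu.com"
candidate_is_official() {
    for url in $(candidate_sources); do
        host=${url#*://}; host=${host%%/*}
        for t in $TRUSTED_HOSTS; do
            [ "$host" = "$t" ] && return 0
        done
    done
    return 1
}

# Print an apt_preferences(5) stanza; a priority under 500 (the archive default)
# ranks HOST below the official archives regardless of version number.
pin_stanza() {
    printf 'Package: *\nPin: origin "%s"\nPin-Priority: %s\n' "$1" "$2"
}

sample_policy 99.0-1 500 | candidate_is_official ||
    echo "examplepkg: candidate does not come from an official host"
```

On a real system, run `apt-cache policy PACKAGE | candidate_sources`. Packages that exist only in the third-party repository are still installed from it.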