by TechBro8615 1003 days ago
Until recently (when apt-key was deprecated), this has been a large security hole (and it will continue to be as long as apt-key is still used). Basically unless a repository in your sources.list includes a signed-by attribute referencing a specific key, then it can install packages signed by any public key you've added via apt-key. Also, sources.list defines an implicit priority order (IIRC it's top-to-bottom), so that when two repositories include a package with the same name, the package from the highest priority repository is installed. You can imagine the security issues that arise from a system dependent on the order of lines in a file that many people manually edit while frustrated and reading a tutorial online.

More here: https://medium.com/@glegoux/ubuntu-22-04-jammy-jellyfish-apt...
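As an added illustration of the point the comment makes (this is example code, not part of the comment or of the linked article): a small auditor that parses one-line-style apt `sources.list` entries and flags the ones that do not pin a key with `signed-by=`, plus the ones that switch verification off with `trusted=yes`. The sample sources text, the `example.invalid` hosts and the keyring path are constructed for the demonstration; the deb822 `.sources` format is not handled here.

```python
"""Audit one-line-style apt sources for entries that don't pin a signing key.

An entry without a `signed-by=` option is accepted when its Release file is
signed by any key in the global apt trust store (legacy apt-key keyring or
/etc/apt/trusted.gpg.d), so one repository's key can vouch for another's
packages. `trusted=yes` goes further and skips signature checking entirely.
"""
from dataclasses import dataclass, field

# Constructed sample input; not taken from any real system.
SAMPLE_SOURCES = """\
# constructed sample sources.list
deb http://archive.ubuntu.com/ubuntu jammy main restricted
deb [arch=amd64 signed-by=/usr/share/keyrings/example-vendor.gpg] https://pkgs.example.invalid/ubuntu jammy stable
deb [trusted=yes] https://mirror.example.invalid/third-party jammy main
deb-src http://archive.ubuntu.com/ubuntu jammy main
"""


@dataclass
class SourceEntry:
    kind: str                       # "deb" or "deb-src"
    lineno: int
    options: dict = field(default_factory=dict)
    uri: str = ""
    suite: str = ""
    components: list = field(default_factory=list)


def parse_sources_list(text):
    """Parse `deb`/`deb-src` lines; comments and blank lines are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tokens = line.split()
        if tokens[0] not in ("deb", "deb-src"):
            continue
        entry = SourceEntry(kind=tokens[0], lineno=lineno)
        rest = tokens[1:]
        if rest and rest[0].startswith("["):
            # Bracketed options may be split across several whitespace tokens.
            opt_tokens = []
            while rest:
                tok = rest.pop(0)
                opt_tokens.append(tok)
                if tok.endswith("]"):
                    break
            for opt in " ".join(opt_tokens).strip("[]").split():
                key, _, val = opt.partition("=")
                entry.options[key] = val
        if len(rest) < 2:
            continue  # malformed line; apt would reject it as well
        entry.uri, entry.suite = rest[0], rest[1]
        entry.components = rest[2:]
        entries.append(entry)
    return entries


def audit(entries):
    """Return (lineno, uri, problem) for every entry that does not pin a key."""
    findings = []
    for e in entries:
        if e.options.get("trusted") == "yes":
            findings.append((e.lineno, e.uri,
                             "trusted=yes disables signature verification"))
        elif "signed-by" not in e.options:
            findings.append((e.lineno, e.uri,
                             "no signed-by: any key in the global trust store "
                             "can sign this repository"))
    return findings


if __name__ == "__main__":
    for lineno, uri, problem in audit(parse_sources_list(SAMPLE_SOURCES)):
        print(f"line {lineno}: {uri}: {problem}")
```

Running it against the sample reports lines 2, 4 and 5; only the entry carrying `signed-by=` passes. Pointing `parse_sources_list` at the contents of `/etc/apt/sources.list` and the files under `/etc/apt/sources.list.d/` gives the same check for a real host, and any `signed-by` path reported should be confirmed to exist.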