Why do I need to add a GPG-key with apt-key before adding URL to sources.list and download-installing an application with apt-get?
Clash Royale CLAN TAG#URR8PPP
up vote
6
down vote
favorite
I went on to download an application today. It had it's instructions listed, step by step, number one being: adding a GPG-key with apt-key. It was followed by adding the application to apt/sources and finally downloading it with apt-get install.
I can't get my head around the need of adding a key, before downloading an application after adding the URL to sources.
Why do I need to add a GPG-key with apt-key before adding a download URL to apt/sources and downloading-installing with apt-get install?
debian apt gpg
edited Aug 21 at 3:14
Rui F Ribeiro
36.7k1271116
asked Oct 21 '13 at 11:15
Phil
14436
add a comment |Â
up vote
6
down vote
favorite
I went on to download an application today. It had it's instructions listed, step by step, number one being: adding a GPG-key with apt-key. It was followed by adding the application to apt/sources and finally downloading it with apt-get install.
I can't get my head around the need of adding a key, before downloading an application after adding the URL to sources.
Why do I need to add a GPG-key with apt-key before adding a download URL to apt/sources and downloading-installing with apt-get install?
debian apt gpg
edited Aug 21 at 3:14
Rui F Ribeiro
36.7k1271116
asked Oct 21 '13 at 11:15
Phil
14436
add a comment |Â
up vote
6
down vote
favorite
up vote
6
down vote
favorite
I went on to download an application today. It had it's instructions listed, step by step, number one being: adding a GPG-key with apt-key. It was followed by adding the application to apt/sources and finally downloading it with apt-get install.
I can't get my head around the need of adding a key, before downloading an application after adding the URL to sources.
Why do I need to add a GPG-key with apt-key before adding a download URL to apt/sources and downloading-installing with apt-get install?
debian apt gpg
edited Aug 21 at 3:14
Rui F Ribeiro
36.7k1271116
asked Oct 21 '13 at 11:15
Phil
14436
I went on to download an application today. It had it's instructions listed, step by step, number one being: adding a GPG-key with apt-key. It was followed by adding the application to apt/sources and finally downloading it with apt-get install.
I can't get my head around the need of adding a key, before downloading an application after adding the URL to sources.
Why do I need to add a GPG-key with apt-key before adding a download URL to apt/sources and downloading-installing with apt-get install?
debian apt gpg
debian apt gpg
edited Aug 21 at 3:14
Rui F Ribeiro
36.7k1271116
asked Oct 21 '13 at 11:15
Phil
14436
edited Aug 21 at 3:14
Rui F Ribeiro
36.7k1271116
asked Oct 21 '13 at 11:15
Phil
14436
edited Aug 21 at 3:14
Rui F Ribeiro
36.7k1271116
edited Aug 21 at 3:14
Rui F Ribeiro
36.7k1271116
edited Aug 21 at 3:14
Rui F Ribeiro
36.7k1271116
36.7k1271116
asked Oct 21 '13 at 11:15
Phil
14436
asked Oct 21 '13 at 11:15
Phil
14436
asked Oct 21 '13 at 11:15
Phil
14436
14436
add a comment |Â
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
5
down vote
accepted
Why do I need to add a GPG-key with apt-key before adding a download URL to apt/sources and downloading-installing with apt-get install?
The reason is simple: security.
First, if you don't do this, apt-get update will whine that some keys aren't found, and it downloaded "untrusted" package lists. If you do apt-get install it will ask you twice with big letters that you are installing packages from a untrusted sources. To any user this warning would be alarming (if they read them), so to prevent "How to solve 'NOPUBKEY' found" and similar questions, repository owners often include how to add their keys before even starting so users don't miss this step.
Second, if you miss this step and ignore the warning, the security is incomplete. You downloaded some packages list from a site you didn't verify. Any crack could have been exploited by someone, then tricking you into installing malicious software. If you added the keys since the start, you will have start-to-end secure transactions with the repository maintainer.
Third, when you add a key, it means that you trust that key. You say the system that you trust the person that identify themself with that key, and you want to install software from him.
answered Oct 21 '13 at 11:31
Braiam
22.5k1971132
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
5
down vote
accepted
Why do I need to add a GPG-key with apt-key before adding a download URL to apt/sources and downloading-installing with apt-get install?
The reason is simple: security.
First, if you don't do this, apt-get update will whine that some keys aren't found, and it downloaded "untrusted" package lists. If you do apt-get install it will ask you twice with big letters that you are installing packages from a untrusted sources. To any user this warning would be alarming (if they read them), so to prevent "How to solve 'NOPUBKEY' found" and similar questions, repository owners often include how to add their keys before even starting so users don't miss this step.
Second, if you miss this step and ignore the warning, the security is incomplete. You downloaded some packages list from a site you didn't verify. Any crack could have been exploited by someone, then tricking you into installing malicious software. If you added the keys since the start, you will have start-to-end secure transactions with the repository maintainer.
Third, when you add a key, it means that you trust that key. You say the system that you trust the person that identify themself with that key, and you want to install software from him.
answered Oct 21 '13 at 11:31
Braiam
22.5k1971132
add a comment |Â
up vote
5
down vote
accepted
Why do I need to add a GPG-key with apt-key before adding a download URL to apt/sources and downloading-installing with apt-get install?
The reason is simple: security.
First, if you don't do this, apt-get update will whine that some keys aren't found, and it downloaded "untrusted" package lists. If you do apt-get install it will ask you twice with big letters that you are installing packages from a untrusted sources. To any user this warning would be alarming (if they read them), so to prevent "How to solve 'NOPUBKEY' found" and similar questions, repository owners often include how to add their keys before even starting so users don't miss this step.
Second, if you miss this step and ignore the warning, the security is incomplete. You downloaded some packages list from a site you didn't verify. Any crack could have been exploited by someone, then tricking you into installing malicious software. If you added the keys since the start, you will have start-to-end secure transactions with the repository maintainer.
Third, when you add a key, it means that you trust that key. You say the system that you trust the person that identify themself with that key, and you want to install software from him.
answered Oct 21 '13 at 11:31
Braiam
22.5k1971132
add a comment |Â
up vote
5
down vote
accepted
up vote
5
down vote
accepted
Why do I need to add a GPG-key with apt-key before adding a download URL to apt/sources and downloading-installing with apt-get install?
The reason is simple: security.
First, if you don't do this, apt-get update will whine that some keys aren't found, and it downloaded "untrusted" package lists. If you do apt-get install it will ask you twice with big letters that you are installing packages from a untrusted sources. To any user this warning would be alarming (if they read them), so to prevent "How to solve 'NOPUBKEY' found" and similar questions, repository owners often include how to add their keys before even starting so users don't miss this step.
Second, if you miss this step and ignore the warning, the security is incomplete. You downloaded some packages list from a site you didn't verify. Any crack could have been exploited by someone, then tricking you into installing malicious software. If you added the keys since the start, you will have start-to-end secure transactions with the repository maintainer.
Third, when you add a key, it means that you trust that key. You say the system that you trust the person that identify themself with that key, and you want to install software from him.
answered Oct 21 '13 at 11:31
Braiam
22.5k1971132
Why do I need to add a GPG-key with apt-key before adding a download URL to apt/sources and downloading-installing with apt-get install?
The reason is simple: security.
First, if you don't do this, apt-get update will whine that some keys aren't found, and it downloaded "untrusted" package lists. If you do apt-get install it will ask you twice with big letters that you are installing packages from a untrusted sources. To any user this warning would be alarming (if they read them), so to prevent "How to solve 'NOPUBKEY' found" and similar questions, repository owners often include how to add their keys before even starting so users don't miss this step.
Second, if you miss this step and ignore the warning, the security is incomplete. You downloaded some packages list from a site you didn't verify. Any crack could have been exploited by someone, then tricking you into installing malicious software. If you added the keys since the start, you will have start-to-end secure transactions with the repository maintainer.
Third, when you add a key, it means that you trust that key. You say the system that you trust the person that identify themself with that key, and you want to install software from him.
answered Oct 21 '13 at 11:31
Braiam
22.5k1971132
answered Oct 21 '13 at 11:31
Braiam
22.5k1971132
answered Oct 21 '13 at 11:31
Braiam
22.5k1971132
answered Oct 21 '13 at 11:31
Braiam
22.5k1971132
22.5k1971132
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f96951%2fwhy-do-i-need-to-add-a-gpg-key-with-apt-key-before-adding-url-to-sources-list-an%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
