untrusted PPA - what does it really mean?

Asked by axel

I want to add some repositories, for example Clementine, and there is this information: "You can update your system with unsupported packages from this untrusted PPA".
I thought PPAs and keys should make adding software safe and trusted. What does 'untrusted' mean in this case: untrusted = security issue, or untrusted = secure but might crash?

Does anyone from the Ubuntu team check, in terms of security, what is added to a PPA - I mean the source code of each application and each version of the applications that have their PPAs?

Question information

Language: English
Status: Answered
For: Launchpad itself
Assignee: No assignee
Max Bowsher (maxb) said :
#1

"Untrusted" means that absolutely anyone can register on Launchpad and create a PPA - i.e. it is up to you to decide how much you trust the owners of the PPA.

The use of PGP keys only enables you to validate that the files you have downloaded were not tampered with outside of the Launchpad systems which control PPA publication.

PPAs are not, in general, officially overseen by Ubuntu team members.
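
Since the signature only shows that the files came through Launchpad unmodified, the trust decision is about each PPA's owner. The following Python script is an added example, not part of the original thread: it lists the PPA owners a machine is configured to trust and whether each entry is tied to one key with apt's `signed-by` option. It assumes one-line `sources.list` entries; the sample entries, owner names and keyring path are constructed.

```python
import re

# One-line apt source format: deb [options] URI suite components...
SOURCE_RE = re.compile(
    r"^(deb|deb-src)\s+(?:\[(?P<opts>[^\]]*)\]\s+)?(?P<uri>\S+)\s+(?P<suite>\S+)"
)
# Launchpad serves PPAs as /<owner>/<ppa-name>/<distro> under these hosts.
PPA_RE = re.compile(
    r"^https?://(?:ppa\.launchpad\.net|ppa\.launchpadcontent\.net)/"
    r"(?P<owner>[^/]+)/(?P<ppa>[^/]+)/"
)

# Constructed sample input (not taken from a real system).
SAMPLE = """\
deb http://archive.ubuntu.com/ubuntu jammy main universe
deb [signed-by=/etc/apt/keyrings/example-owner.gpg] https://ppa.launchpadcontent.net/example-owner/example-ppa/ubuntu jammy main
deb http://ppa.launchpad.net/another-owner/ppa/ubuntu jammy main
# deb http://ppa.launchpad.net/disabled-owner/ppa/ubuntu jammy main
"""

def audit_sources(text):
    """Return one record per enabled PPA entry in sources.list-style text."""
    findings = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and disabled entries
        m = SOURCE_RE.match(line)
        if not m:
            continue
        ppa = PPA_RE.match(m.group("uri"))
        if not ppa:
            continue  # official archive or other third-party repo, not a PPA
        opts = dict(
            o.split("=", 1) for o in (m.group("opts") or "").split() if "=" in o
        )
        findings.append({
            "owner": ppa.group("owner"),   # the Launchpad account you are trusting
            "ppa": ppa.group("ppa"),
            "suite": m.group("suite"),
            "signed_by": opts.get("signed-by"),  # None: key is not scoped to this repo
        })
    return findings

if __name__ == "__main__":
    for f in audit_sources(SAMPLE):
        scope = f["signed_by"] or "no signed-by (any globally trusted key is accepted)"
        print(f"ppa:{f['owner']}/{f['ppa']} [{f['suite']}] key: {scope}")
```

Each owner it prints is a Launchpad account whose packages apt will install with root privileges, so that list is what needs reviewing.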
