View Poll Results: Do you trust/add unofficial PPAs ?

Voters
57. You may not vote on this poll
  • Yes, anything to acheive bleeding edge !!!

    11 19.30%
  • Never

    5 8.77%
  • Yes but only a few of them

    33 57.89%
  • No, I only add the official PPAs (if available)

    8 14.04%
Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 38

Thread: Are PPA's safe ?

  1. #21
    Join Date
    Jan 2011
    Location
    Kansas City, KS
    Beans
    1,319
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Are PPA's safe ?

    Yeah, I only use PPAs from entities I trust, "official" or otherwise, but there are rather a lot of them, most of them directly from the developers on Launchpad and a couple from WebUpD8. It's just a matter of poking around to get a sense of whether or not this particular piece of software is reasonably well known.
    I know I shouldn't use tildes for decoration, but they always make me feel at home~

  2. #22
    beew is offline I Ubuntu, Therefore, I Am
    Join Date
    Jun 2010
    Beans
    2,783

    Re: Are PPA's safe ?

    I install most of my end user programs with PPAs. Many from the developers themselves and others are those "well known" ones on lauchpad, pretty much tried and true. Haven't had any problem.

    When you upgrade with a PPA with synaptic always read what is being removed, if anything. Install ppa-purge if something goes wrong,--it rarely happens but if it does it is mostly for things like conflicting dependencies rather than anything malicious.

  3. #23
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,769
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Are PPA's safe ?

    I say they are no safer, if anything actually about the same as downloading the package elsewhere.

    You're probably thinking I'm off my rocker right now I'm sure. However, consider this,what if an attacker could emulate a trusted repo? Then what if they further modified packages within the repo? Now you're thinking, well they would still have to get me to download them, of course they would , which is actually the easiest part of the whole process, you could easily download them on your next update if your machine was made to believe that the offending repo was the real one. This would be very complicated, but also very possible. It would also likely be able to bypass the common sense test of "do I trust the source".

    Note -- this is very theoretical and depends on the ability of the attacker to forge crypto keys in several files. Which for the sake of moderator sanity will be left nameless. As well as the ability to pull off a sucessful MITM attack.
    Last edited by Dangertux; July 4th, 2011 at 09:38 PM.

  4. #24
    Join Date
    Jan 2011
    Location
    Kansas City, KS
    Beans
    1,319
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Are PPA's safe ?

    The same would apply to distributor repos and "official" PPAs.
    I know I shouldn't use tildes for decoration, but they always make me feel at home~

  5. #25
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,769
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Are PPA's safe ?

    Quote Originally Posted by Copper Bezel View Post
    The same would apply to distributor repos and "official" PPAs.
    Agreed, which is why I say it's pretty much the same either way. IMO they are more of a convenience thing then a security thing.

  6. #26
    Join Date
    Dec 2009
    Location
    Scotland
    Beans
    40
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Are PPA's safe ?

    I don't generally add them, but if I do I make sure that I get them from a reputable source like OMG! Ubuntu!

    I think the possibility of something disastrous in the PPA system must make Canonical think about a rolling repository like Tumbleweed on OpenSUSE, or even a system like the Testing/Unstable repositories like Debian.

  7. #27
    Join Date
    Nov 2010
    Beans
    16

    Re: Are PPA's safe ?

    Quote Originally Posted by beetleman64 View Post
    I don't generally add them, but if I do I make sure that I get them from a reputable source like OMG! Ubuntu!

    I think the possibility of something disastrous in the PPA system must make Canonical think about a rolling repository like Tumbleweed on OpenSUSE, or even a system like the Testing/Unstable repositories like Debian.
    OMG ubuntu is just a blog and they recently had a big discussion in their comments about pps's, and how the safety of the ppa's can not be maintained by a blog or any internet publication.

    You trust the better people for the right reasons, but that is not enough.

  8. #28
    Join Date
    Jan 2010
    Location
    India
    Beans
    Hidden!
    Distro
    Lubuntu

    Re: Are PPA's safe ?

    Quote Originally Posted by jerenept View Post
    I use mozilla-daily, banshee-daily, webupd8, clamav and opera ppas and I'm fine.
    I am trying to add the clamav PPA https://launchpad.net/~ubuntu-clamav/+archive/ppa

    How do I add their key ?

    Seems like my PPA phobia is getting under control listening to you guys.
    Lubuntu 20.04

  9. #29
    Join Date
    Aug 2008
    Beans
    1,835
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Are PPA's safe ?

    Quote Originally Posted by linuxyogi View Post
    I am trying to add the clamav PPA https://launchpad.net/~ubuntu-clamav/+archive/ppa

    How do I add their key ?

    Seems like my PPA phobia is getting under control listening to you guys.
    If you do sudo apt-add-repository ppa:ubuntu-clamav/ppa

    it downloads and installs the key as part of the process.

    Or you just manually copy and paste the key into a text file and save it. You can then import the file with the key from synaptic.

  10. #30
    Join Date
    Jan 2010
    Location
    India
    Beans
    Hidden!
    Distro
    Lubuntu

    Re: Are PPA's safe ?

    Quote Originally Posted by alphacrucis2 View Post
    If you do sudo apt-add-repository ppa:ubuntu-clamav/ppa

    it downloads and installs the key as part of the process.

    Or you just manually copy and paste the key into a text file and save it. You can then import the file with the key from synaptic.
    Done
    Lubuntu 20.04

Page 3 of 4 FirstFirst 1234 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •