There will be no changes to how Canonical handles GnuPG in their repos.
This is an obscure IRC chat server app, that only shows how inept some people can be.
Gentoo is one of the few distros that requires you to compile from tar.gz EVERYTHING.
I doubt they have the resources to verify/test code or certify vendor software.
With Gentoo you literally compile your own kernel before downloading tarballs to yet do more compiling.
I know b/c I've tried Gentoo. Is this necessarily a bad practice in terms of implementation? That's something for a separate debate.
But, the risks of accepting any vendor's source remain.
Distros must keep up their guard to ensure that all code admitted to the repo is certified clean and safe to use.
That has been a sticking point for Canonical who don't 'willy-nilly' let source find its way into Ubuntu. It's a careful vetting certification process and if you scroll through the Synaptic database, only select programs have Canonical's blessing for support (LTS).
Stay in the GPG 'ring of safety' repo and you are fine with Ubuntu Linux.
Discussion on:
Message 1 of 1
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
