Ubuntu logo

Developer Summit

Secure distribution of third-party .debs

2012-05-07 16:15..17:00 in Jr. Ballroom 2

Care has been taken over the years to ensure that clicking a link to an executable on a website doesn't cause untrusted code to be run, and that all package downloads from the Ubuntu archive and from PPAs can be done securely. But lots of community and third-party documentation directs users to download unsigned .debs from websites and install them, and software center facilitates this. We need to examine the security around third-party packages.