THE ISSUE

In the upcoming PR1.2 release, the installer contains an issue that will block packages from custom APT repositories from being installed unless they contain Secure APT signatures.

This means that it will become rather complicated to install packages from:

  • Nokia's Harmattan Platform SDK repository
  • rzr/djszapi's temporary community repository
  • Most other repositories

These repositories contain ports of important utilities that are useful for developers and advanced N9 users.

WHAT YOU CAN DO

It's most likely too late to fix this, and Nokia might consider it to be more of a feature than a bug. However, you can still take action:

  • Register on the Harmattan bug tracker and vote for Bug 978 to encourage Nokia to sign the SDK repository.
  • If you maintain an APT repository, add signatures now so you won't be caught by surprise when PR1.2 arrives for the general public. Even if it weren't a necessity, Secure APT is a good idea that can help protect against sabotaged packages when you use untrusted networks (like WiFi hotspots). You can read more on the Debian wiki.
    • If you use the MeeGo Open Build Service to host your repository, you can enable automatic signing using osc signkey - see the OpenSUSE OBS documentation for more info.

Last edited by itsnotabigtruck; 2012-02-21 at 19:56.
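For repository maintainers, an added example (not part of the original post) of the hash chain that a Secure APT signature protects: the detached signature `Release.gpg` covers `Release`, and `Release` pins the size and SHA256 of each index file such as `Packages`. The function names, the flat repository layout and the sample `Packages` content are assumptions constructed for illustration.

```python
import hashlib

def build_release(files, origin="example-repo"):
    """Build Release text listing SHA256 and size of each index file.
    files maps a relative path to its bytes, e.g. {"Packages": b"..."}."""
    lines = [f"Origin: {origin}", "SHA256:"]
    for name in sorted(files):
        data = files[name]
        lines.append(f" {hashlib.sha256(data).hexdigest()} {len(data)} {name}")
    return "\n".join(lines) + "\n"

def parse_release(text):
    """Parse the SHA256 section of a Release file into {path: (digest, size)}."""
    entries, in_section = {}, False
    for line in text.splitlines():
        if line.startswith("SHA256:"):
            in_section = True
        elif in_section and line.startswith(" "):
            digest, size, name = line.split(None, 2)
            entries[name] = (digest, int(size))
        else:
            in_section = False  # any other field ends the section
    return entries

def verify_indexes(release_text, files):
    """Return the sorted paths that are missing or do not match Release."""
    bad = []
    for name, (digest, size) in parse_release(release_text).items():
        data = files.get(name)
        if (data is None or len(data) != size
                or hashlib.sha256(data).hexdigest() != digest):
            bad.append(name)
    return sorted(bad)

# Constructed sample index for a flat repository (not a real package).
PACKAGES = b"Package: hello\nVersion: 1.0\nFilename: ./hello_1.0_armel.deb\n"
SAMPLE = {"Packages": PACKAGES}
RELEASE = build_release(SAMPLE)

if __name__ == "__main__":
    print(RELEASE, end="")
    print("clean repo mismatches:", verify_indexes(RELEASE, SAMPLE))
    # Same length, different content: the size check alone would miss this.
    tampered = {"Packages": PACKAGES.replace(b"1.0", b"6.6")}
    print("tampered repo mismatches:", verify_indexes(RELEASE, tampered))
```

Without a signature over `Release`, anyone able to alter `Packages` in transit can rewrite `Release` to match, which is why the hash list only helps once `Release` itself is signed.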
 
