Ubuntu runs its own SKS keyserver (keyserver.ubuntu.com) and apk-add-repository ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		sirn on June 29, 2019 \| parent \| context \| favorite \| on: SKS Keyserver Network Under Attack Ubuntu runs its own SKS keyserver (keyserver.ubuntu.com) and apk-add-repository use it when adding a PPA repository. I think in theory it's still possible to break package manager in Ubuntu if someone decide to poison a popular PPA repository/key.

rlpb on June 29, 2019 [–]

PPA repository keys are generated by Launchpad; mere Launchpad users cannot inject arbitrary PPA repository keys.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact