• 0 Posts
  • 87 Comments
Joined 2 years ago
cake
Cake day: July 11th, 2023

help-circle
















  • You can find multiple instances when they are revoked keys and people on stack exchange are figuring out how to update them to use the toolkit after the change.

    yeah, signing keys expire from time to time and then they need to be replaced or updated. but these are not per-user, these are public and cannot be kept in secret. this is not a subscription code, not a DRM either, it’s one of those very few exceptions when they are provided for actual security. the packages you download are already signed with the key, if you don’t accept the key your package manager just wont be able to verify if they have been tampered with while in transit. if you don’t accept the key, you can still install the packages, but then you also need to pass the parameter to your package manager that tells it to not verify the packagesthis time, which is 99.999% of the cases a bad idea.