|
The Debian project is warning users that the official Debian Multimedia repository should be considered insecure.
According to the Debian maintainers, the domain debian-multimedia.org is no longer being used by the former managers and is now in the name of someone unknown. This means that the repository is no longer secure and users should remove it from their sources.list file as soon as possible. |
In its announcement, the Debian project recommends that users check their systems by running:
grep debian-multimedia.org /etc/apt/sources.list/etc/apt/sources.list.d/*
which will show debian-multimedia.org in its output if the user has this repository enabled. Meanwhile, developer Steve Kemp has asked the community to create a tool to easily manipulate the entries in the sources.list file. At the moment, Debian users have to modify their repository sources with a text editor.
Using unofficial repositories always represents a security risk and this example clearly shows one of the reasons, as the project in general does not have any control over such repositories.
Considering that new owners of the debian-multimedia.org domain will likely not have access to the signing keys for the expired repository, the security risk is mitigated as long as users do not install the unsigned packages. In any case, it is recommended to remove the repository from the sources.list file as soon as possible.
Source: Debian
(Y)
It goes without saying that debian-multimedia should now be used instead of debian-multimedia.
Greetings.
Great! I didn't know ... I'm adding it right now.
Thank you! Regards!