GPG key for opera 26
-
A Former User last edited by
The signing key is not listed in sources. Is it the same as the 2013b key ?
-
A Former User last edited by
The signing key is not listed in sources. Is it the same as the 2013b key ?
Just want to say I have installed the 26 version alongside the 12.16 version. I reinstalled 12.16 to
/usr/local/bin/ so that 26 is my 'main' version. The 26 version only has http://deb.opera.com/opera-stable/ in the software sources updates (Kubuntu 14.04) but removed the 2013b auth. key.resulting in no gpg key messgage when updating. I have added the 2013b key back but don't know whether this is the correct one for version 26. -
-
galaxy7b last edited by
The signing key provided by Opera appears pretty useless (it does not provide any security), as every time the old key is expired, a new key is introduced which is however not signed by the old one. The user has to download every time the new key (e.g. by the above command 'sudo apt-key add') without however being able to verify whether the new key is really from Opera or whether it is a fake key. Since many year I abstained from installing Opera on my Linux system, because of this extremly lazy use of signing keys by Opera.
-
Deleted User last edited by
The signing key provided by Opera appears pretty useless (it does not provide any security), as every time the old key is expired, a new key is introduced which is however not signed by the old one.
The expire date (+2 years) of the code signing key comes really too fast. And sometimes (in past it was) the signed key is not on webpage.
The user has to download every time the new key (e.g. by the above command 'sudo apt-key add') without however being able to verify whether the new key is really from Opera or whether it is a fake key.
Yes, that is a enerving procedure.
I dislike that Opera devs forces users to download the keys this way. -
galaxy7b last edited by
In my view the problem is not whether the users have to download the key. The main problem is that as long as a user is not able to verify whether the key is from Opera or not, downloading it is completely pointless. You could equally install the software without any verification using the downloaded key. The present method provided by Opera only pretends a security, which is in fact not there.
