Covered by this issue, https://wiki.ubuntuusers.de/some/program has become available in the meantime and it's https-only which is good.
To go for add-apt-repository ppa:<name of ppa> is a nice way and I'm aware of this. Nice as long as key material is transferred in a secure manner (e.g. https-only). But first of all this is not copy-paste-able (user has to click "(Read about installing)" to see the full command, and still can't copy-paste something. And secondly, I still see sudo apt-key add all over the place, often with wget via http and even with https it is hard to verify trustworthyness unless it origins e.g. from the maintainer's domain. Please make the add-apt-repository ppa:<name of ppa> syntax copy- pasteable all over the place at least for launchpad-hosted packages. This is much easier for average users and it's ways more realistic that they use it and install software in a safe manner. This should at least cover launchpad's packages. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1460242 Title: documentation: apt-keys via http allows man-in-the-middle-attacks To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/add-apt-key/+bug/1460242/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
