When manually downloading software from software platforms such as Github or Sourceforge it is recommended to verify them. Does the Software Boutique have an in-built verification mechanism to secure the integrity of its files before installing them? What about “unofficial” PPAs, that is PPAs maintained by someone else other than the original developer?
My understanding is that when adding any PPAs, the OS automatically imports the keys to verify the downloaded package.
1 Like
Boutique uses Apt. As @abrowne mentions, signing keys are used to verify a package is really from its creator.
For what PPAs are used… most of them are from their “official” sources. Only a few are “unofficial” (but are from trusted, reputable sources) and a handful are maintained by @Wimpy himself.
There is a tool in the main repository (tools/app-index-debugger.py) that can be used to query everything listed in the index.
Here you go – here’s some output from app-index-debugger.py with everything in the Boutique today (4th August):
./tools/app-index-debugger.py --list-sources
Applications that use PPAs (and which ones)
+-------------+-------------------------+--------+----------------------------------------+
| Category | Program ID | Method | PPA |
+-------------+-------------------------+--------+----------------------------------------+
| Accessories | antiviral | ppa | ppa:atareao/antiviral |
| Accessories | diodon | ppa | ppa:diodon-team/stable |
| Accessories | keepassx | ppa | ppa:flexiondotorg/keeypassx |
| Accessories | recentnotifications | ppa | ppa:jconti/recent-notifications |
| Accessories | subsurface | ppa | ppa:subsurface/subsurface |
| Accessories | veracrypt | ppa | ppa:unit193/encryption |
| Education | stellarium | ppa | ppa:stellarium/stellarium-releases |
| Games | 0ad | ppa | ppa:wfg/0ad |
| Games | flightgear | ppa | ppa:saiarcot895/flightgear |
| Games | minecraft | ppa | ppa:flexiondotorg/minecraft |
| Games | retroarch | ppa | ppa:libretro/stable |
| Games | wine-devel | ppa | ppa:wine/wine-builds |
| Internet | adobeflash | ppa | ppa:flexiondotorg/hal-flash |
| Internet | corebird | ppa | ppa:ubuntuhandbook1/corebird |
| Internet | gajim | ppa | ppa:flexiondotorg/gajim |
| Internet | gobby | ppa | ppa:flexiondotorg/gobby |
| Internet | mumble | ppa | ppa:mumble/release |
| Internet | sparkleshare | ppa | ppa:flexiondotorg/sparkleshare |
| Internet | telegram | ppa | ppa:flexiondotorg/telegram |
| Internet | tor-browser | ppa | ppa:webupd8team/tor-browser |
| Internet | uget | ppa | ppa:plushuang-tw/uget-stable |
| Internet | x2goclient | ppa | ppa:wireshark-dev/stable |
| KnownRepos | mate-14 | ppa | ppa:ubuntu-mate-dev/xenial-mate |
| KnownRepos | ubuntu-mate-welcome-dev | ppa | ppa:lah7/ubuntu-mate-welcome-dev |
| KnownRepos | ubuntu-wine | ppa | ppa:ubuntu-wine/ppa |
| Media | anoise | ppa | ppa:costales/anoise |
| Media | audio-recorder | ppa | ppa:osmoma/audio-recorder |
| Media | audio-recorder | ppa | ppa:audio-recorder/ppa |
| Media | clementine | ppa | ppa:me-davidsansome/clementine |
| Media | kodi | ppa | ppa:team-xbmc/ppa |
| Media | makemkv | ppa | ppa:heyarje/makemkv-beta |
| Media | musescore | ppa | ppa:mscore-ubuntu/mscore-stable |
| Media | obs-studio | ppa | ppa:obsproject/obs-studio |
| Media | ocenaudio32 | ppa | ppa:flexiondotorg/audio |
| Media | ocenaudio64 | ppa | ppa:flexiondotorg/audio |
| Media | openshot-qt | ppa | ppa:openshot.developers/ppa |
| Media | pithos | ppa | ppa:pithos/ppa |
| Media | simplescreenrecorder | ppa | ppa:maarten-baert/simplescreenrecorder |
| Media | youtube-dlg | ppa | ppa:flexiondotorg/youtube-dl-gui |
| Office | libreoffice | ppa | ppa:libreoffice/ppa |
| Office | rednotebook | ppa | ppa:rednotebook/stable |
| Programming | atom | ppa | ppa:webupd8team/atom |
| Programming | git-cola | ppa | ppa:git-core/ppa |
| Programming | ubuntu-make | ppa | ppa:ubuntu-desktop/ubuntu-make |
| Programming | ubuntu-sdk | ppa | ppa:ubuntu-sdk-team/ppa |
| Servers | minecraft-server | ppa | ppa:flexiondotorg/minecraft |
| Servers | murmur | ppa | ppa:mumble/release |
| Servers | x2go-server | ppa | ppa:x2go/stable |
| SysTools | aptik | ppa | ppa:teejee2008/ppa |
| SysTools | kdeconnect | ppa | ppa:vikoadi/ppa |
| SysTools | terminator | ppa | ppa:gnome-terminator/ppa |
| UnivAccess | eviacam | ppa | ppa:cesar-crea-si/eviacam |
| UnivAccess | gnome-orca | ppa | ppa:accessibility-dev/ppa |
| Unlisted | boot-repair | ppa | ppa:yannubuntu/boot-repair |
| Unlisted | nvidia-settings | ppa | ppa:graphics-drivers/ppa |
| Unlisted | solaar | ppa | ppa:daniel.pavel/solaar |
| Unlisted | ubuntu-mate-welcome | ppa | ppa:ubuntu-mate-dev/welcome |
+-------------+-------------------------+--------+----------------------------------------+
Applications that use external sources
+-------------+---------------------+--------+---------------------------+
| Category | Program ID | Method | Source File |
+-------------+---------------------+--------+---------------------------+
| Accessories | enpass | manual | enpass.list |
| Games | lutris | manual | lutris.list |
| Games | playonlinux | manual | playonlinux.list |
| Internet | btsync | manual | btsync.list |
| Internet | dropbox | manual | dropbox.list |
| Internet | google-chrome | manual | google-chrome.list |
| Internet | google-musicmanager | manual | google-musicmanager.list |
| Internet | google-talkplugin | manual | google-talkplugin.list |
| Internet | hipchat | manual | atlassian-hipchat4.list |
| Internet | hipchat | manual | atlassian-hipchat4.list |
| Internet | insync | manual | insync.list |
| Internet | opera-browser | manual | opera-stable.list |
| Internet | owncloud-client | manual | owncloud-client.list |
| Internet | spideroakone | manual | spideroakone.list |
| Internet | syncthing | manual | syncthing.list |
| Internet | vivaldi | manual | vivaldi.list |
| Media | nuvolaplayer | manual | tiliado-nuvolaplayer.list |
| Media | spotify | manual | spotify.list |
| Servers | emby | manual | emby-server.list |
| SysTools | virtualbox | manual | virtualbox.list |
| Unlisted | libdvdcss2 | manual | libdvdcss2.list |
+-------------+---------------------+--------+---------------------------+
Everything else comes from the Ubuntu repositories.
1 Like