A loosely moderated place to ask open-ended questions
Search asklemmy π
If your post meets the following criteria, itβs welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- !lemmy411@lemmy.ca: a community for finding communities
Icon by @Double_A@discuss.tchncs.de
- 0 users online
- 251 users / day
- 963 users / week
- 2.45K users / month
- 5.6K users / 6 months
- 1 subscriber
- 3.07K Posts
- 119K Comments
- Modlog
It is a public GPG key (not a Microsoft Publisher file) and while I donβt know, I assume it is used to verify that future updates are from Nvidia and not a malicious third party. It is really common (if not required) to install and trust a new gpg key when adding a new repository in Linux package managers, and done for safety reasons without privacy implications, and I am guessing this is what Nvidia is doing here.
Where do you see any indication that it is used for identification of you/your machine?
deleted by creator
these warnings are interesting, but
-Wno-deprecated-gpu-targetsmakes me think maybe your card is nearing end of support for CUDA. after that youll need to install an old version of cuda manually (or pin the package versions and risk them silently keeping back other packages too)what card is it?
also, please take screenshots with the systemβs screenshot tool because this is so bad. I mean, multi-megabyte screenshotsβ¦
deleted by creator
what kind of key file do you mean? where do you see it?
also, I donβt understand how mirrors, gcc and clang come into picture. or Microsoft
deleted by creator
on my distro its common that all repositories use their own signing keys to sign the packages they provide. this includes the nvidia repository. I think here you are prompted to save their key so that your package manager can accept their packages.
I might be wrong, though. next time you could check what happens if you type N. my expectation is that the package manager will throw errors about unverifiable packages
deleted by creator
yeah, signing keys expire from time to time and then they need to be replaced or updated. but these are not per-user, these are public and cannot be kept in secret. this is not a subscription code, not a DRM either, itβs one of those very few exceptions when they are provided for actual security. the packages you download are already signed with the key, if you donβt accept the key your package manager just wont be able to verify if they have been tampered with while in transit. if you donβt accept the key, you can still install the packages, but then you also need to pass the parameter to your package manager that tells it to not verify the packagesthis time, which is 99.999% of the cases a bad idea.
oh forgot the second part.
first of all.
.pubfiles are not microsoft owned keyfiles, but Microsoft Office Publisher documents. this is irrelevant now, but this is the only connection of microsoft with.pubfilessecond of all,
.pubfiles can also be OpenPGP public key files. do you use SSH? look into your~/.ssh/directory and you will see them there too. also in/etc/ssh/deleted by creator