gpg key?
Using Ubuntu 8.04, during the update I get a warning "Not Authenticated" for the repos. Where is the gpg key?
-
We don't sign our packages, so there is no gpg key.
2 people say
this answers the question
-
I have the same problem, but it won't install the program without a gpg key, what to do then? I click continue even if it is not authenticated, and it won't install it..
"We don't sign our packages, so there is no gpg key. "
As a dedicated lover-of-the-Miro I've gotta ask: Why the decision to not sign your own packages?
Just Curious ???
I have read the posts here, but have only seen one from an employee. That was back in '08. Is that because "MIRO" does not plan on implementing a gpg_key? If so that's too bad.
I even hesitated signing up to post because not sure I can trust your security.
Me too, lame
I use miro on all my fedora installs,
+ plus I have to sign in to add another comment
I am out of here and deleting the Intrepid repo
Lame
I’m frustrated
-
Please add a gpg key. It's a bit annoying to get those (unnecessary) warnings. And also, if you added all the commands to one code-line, people could simply copy/paste that line into their terminal and everything would be okay in a jiffy.
I’m seeing things in need of improvement
-
Yes, please add a GPG key as per Carl's request...
-
I don't add third-party repositories that don't provide a GPG key. Why? Mostly because of apt's "WARNING: The following packages cannot be authenticated!" message. See, it conjures the bit of paranoia in me which I enjoy leaving dormant.
Do your part in helping to keep paranoia dormant.
It's on-par with feeding starving children.
I’m flatline-mouth :|
-
From a modern security standpoint, it's almost negligent not to provide authentication for packages you intend for distribution, let alone mainstream adoption. The general philosophy of "openness" is incongruous with "insecurity." The Miro repository needs a secure key; otherwise, I cannot justify using the application, which is unfortunate considering its prime candidacy for deployment in our software image.
I’m unhappy
-
Not to mention the pomposity oozing from the over-simplified "We don't sign our packages, so there is no gpg key." response.
It might as well read: "Meh."
With that said, I've been without Miro for a bit now and life seems to be rather okay. Although a nice alternative by creators that put effort into signing packages while refraining from sardonic answers on Get Satisfaction would be quite spiffy.
I’m whoa, donkey - slow down.
-
Is there any help or support the community can provide to the Miro developers to facilitate this implementation?
I’m confident
-
Is there any reason why Miro doesn't use a launchpad ppa? Those use gpg keys automatically.
This reply was removed on 06/28/09.
WARNING: The following packages cannot be authenticated!
miro
Install these packages without verification [y/N]? N
E: Some packages could not be authenticated
I’m frustrated
-
We all know the error. Posting it isn't really helpful.
Feel free to click "I have this problem too" at the top of the thread though. :)
Home systems are unlikely to have any security problems caused by saying "yes"
Ummm,
Unlikely?????
Home systems.... as opposed to Work systems????
There are good practices and there are bad practices.
I treat my "Home systems" just as I would an enterprise system,
you may not, and that is your prerogative, but to post a comment like that is
slightly absurd. Unlikely is not good enough for proper security - period.
That's like the Captain of the Titanic saying, Most ships are unlikely to sink if they hit a little ice. Come on.
I am not flaming you, nor the developers. I am standing by my assertion that signing keys are warranted here. They have been used in modern distributions easily since around 2000. It's 2009 let's get up to snuff.
An unsigned package = a not installed package. It's a non-starter.
I cannot believe the attitude of developers on this! I used miro and I loved it! Then I reinstalled my distro, now I'm installing miro again and I noticed this warning about unsigned packages and so I googled here. I registered just to post this: I AM NOT going to install miro until there are signed packages. I will simply not use it at all. After all, life was as good before. We need free video. But we have to be sure it is free, not some trap. I can't believe it's such a problem for the devs. Or is there something more into it???
I’m disappointed by whole project
-
If you build your packages using the standard Debian process it even auto-signs your freshly created package set. You just have to enter the passphrase for the package signing key. It was designed specifically to be easy for the developers to sign their packages.
And, yes, package integrity is a big plus. You do not sign, so tampering on the distribution site will go unnoticed. Mass rollout of a modified program version will go unnoticed. Miro is a software with full network access, so it would pose a strategic target if the installed base is big enough.
Please add package signing. It is worth the effort. Thank you.
I’m puzzled
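
What the missing key would protect, as an added example that is not part of the thread or of the Miro project: apt trusts a package because a signed Release file lists the hash of the Packages index, which in turn lists the hash of each .deb. The sketch walks that hash chain over a constructed repository; the package path, version and file contents are made up, and the GPG check on the Release file is assumed to happen outside the code.

```python
import hashlib

INDEX = "main/binary-i386/Packages"
DEB_PATH = "pool/main/m/miro/miro_1.0_i386.deb"  # constructed path and version

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_packages(deb: bytes) -> bytes:
    """Constructed one-stanza Packages index describing `deb`."""
    return (f"Package: miro\nVersion: 1.0\nFilename: {DEB_PATH}\n"
            f"SHA256: {sha256(deb)}\n").encode()

def build_release(packages: bytes) -> str:
    """Constructed Release file listing the hash of the Packages index."""
    return (f"Origin: example\nSuite: hardy\nSHA256:\n"
            f" {sha256(packages)} {len(packages)} {INDEX}\n")

def parse_release(text: str) -> dict:
    """Return {path: sha256} from the SHA256: section of a Release file."""
    hashes, in_section = {}, False
    for line in text.splitlines():
        if line.startswith("SHA256:"):
            in_section = True
        elif in_section and line.startswith(" "):
            digest, _size, path = line.split()
            hashes[path] = digest
        else:
            in_section = False
    return hashes

def parse_packages(text: str) -> dict:
    """Return {Filename: SHA256} for every stanza of a Packages index."""
    out = {}
    for stanza in text.strip().split("\n\n"):
        fields = dict(l.split(": ", 1) for l in stanza.splitlines() if ": " in l)
        out[fields["Filename"]] = fields["SHA256"]
    return out

def verify_chain(release: str, packages: bytes, deb: bytes) -> str:
    """Walk Release -> Packages -> .deb and name the first broken link."""
    if parse_release(release).get(INDEX) != sha256(packages):
        return "Packages index does not match Release"
    if parse_packages(packages.decode()).get(DEB_PATH) != sha256(deb):
        return "package does not match Packages index"
    return "ok"

GOOD_DEB = b"constructed stand-in for the real .deb bytes"
GOOD_PACKAGES = build_packages(GOOD_DEB)
GOOD_RELEASE = build_release(GOOD_PACKAGES)  # in a signed repo, gpg vouches for this file
```

If the Release file, the Packages index and the .deb are all regenerated together, the hashes agree again, so only the signature on Release ties the chain to the publisher. That signature is the check an unsigned repository cannot offer.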