Question: How do this gpg import process work? (gpg --import key.asc vs the above referenced ubuntu server way?) Where does this information get downloaded from in bother manners? My biggest focus is security - would it be best to do "gpg --import WladimirvanderLaankey.acs? (if so, where do i find the correct spelling?)
The first way (
gpg --import key.asc) imports an already downloaded key (which is on your hard drive now) into the pgp database.
The second command (gpg --recv-keys XXXXX) pulls the key with the ID XXXXX from the keyserver you have specified with
--keyserver or from the default one of your distro.
It doesn't really matter which way you choose, both have its pros and cons.
You just need to make sure that the source of your information is correct. This means if you download an .asc file, make sure you download it from the correct site.
And if you import it from a keyserver, makesure the ID you are using is coming from the correct source/website.
~snip~
"If you install a software using a DEB package, there is no guarantee that the installed software will be updated to a newer version when you run sudo apt update && sudo apt upgrade."
~snip~
I personally don't like PPA's either.
You could theoretically use them and wouldn't have much downsides.
But i would stick with the manual method.
Once you installed it, all you need to upgrade is to download the new
.deb-file and run
sudo apt-get install ./newDebFile.deb.
The statement is comparing PPA's to the distros repository (installing packages via apt-get install xxx from the official distro repository).
That's not what you are doing currently, you are downloading the .deb files yourself.