when I try to install software like a Gimp in the ubuntu I find the following steps
Add this repository
Update
Install the software
But of course when I find on the gimp page I didn't found any repository, so my question is how can trust that it is an official repository?
For example, I found this repository for gimp:
sudo add-apt-repository ppa: otto-kesselgulasch / gimp
But I cannot verify if this repository is fiable or if these binary files have not any malicious software
Is this technique a best practice, I think that if you install this and this source is a not a trusted source, you can take a virus or trojan.
Any idea?
Thanks
