[Bug 1562733] Re: apt signature requierements prevent updates from some repositories
Julian Andres Klode
juliank at ubuntu.com
Sat May 7 17:33:56 UTC 2016
Hi Fabio,
in your case, everything seems to be fine signature wise on your system.
Now, the Ign you see are for InRelease files, because APT falls back to
Release files a few lines later.
I don't know why you don't see the docker-engine package. Are you
perhaps running i386? The docker package is only provided for amd64. You
should also see the heroku-toolbelt package.
Finally, your system seems a bit messed up. Please delete the files in
/var/lib/apt/lists/partial, as there seems to be some permission issue.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1562733
Title:
apt signature requierements prevent updates from some repositories
Status in apt package in Ubuntu:
In Progress
Bug description:
Since xenial updated the requirements for the strength of PGP
signatures of packages, packages from some repositories are no longer
updated. Apt-get update reports these errors:
E: Failed to fetch http://[...]/Release No Hash entry in Release file /var/lib/apt/lists/partial/[...] which is considered strong enough for security purposes
E: Some index files failed to download. They have been ignored, or old ones used instead.
While the motivation for the change is valid, the result is a
potential security problem, as the new versions of the packages that
may fix recently discovered vulnerabilities are not automatically
installed.
One less important but unfortunate effect is a scary message that is
displayed to the user, without clear explanation that the problem
needs to be addressed by the repository owner.
Related: Bug #1558331
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1562733/+subscriptions
More information about the foundations-bugs
mailing list