[Bug 1562733] Re: apt signature requierements prevent updates from some repositories

Julian Andres Klode juliank at ubuntu.com
Sun May 8 10:09:07 UTC 2016

I'm thinking about merging my APT branch upstream and giving it some
testing on users.

For appstream, it might make sense to move the hook from APT::Update
::Post-Invoke-Success to APT::Update::Post-Invoke so it runs even if the
update errors - APT updates its cache as well, and makes sure the lists
directory is kept in a sane state.

** Also affects: appstream (Ubuntu)
   Importance: Undecided
       Status: New

You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.

  apt signature requierements prevent updates from some repositories

Status in appstream package in Ubuntu:
Status in apt package in Ubuntu:
  In Progress

Bug description:
  Since xenial updated the requirements for the strength of PGP
  signatures of packages, packages from some repositories are no longer
  updated. Apt-get update reports these errors:

  E: Failed to fetch http://[...]/Release  No Hash entry in Release file /var/lib/apt/lists/partial/[...] which is considered strong enough for security purposes
  E: Some index files failed to download. They have been ignored, or old ones used instead.

  While the motivation for the change is valid, the result is a
  potential security problem, as the new versions of the packages that
  may fix recently discovered vulnerabilities are not automatically

  One less important but unfortunate effect is a scary message that is
  displayed to the user, without clear explanation that the problem
  needs to be addressed by the repository owner.

  Related: Bug #1558331

To manage notifications about this bug go to:

More information about the foundations-bugs mailing list