[Bug 1562733] Re: apt signature requierements prevent updates from some repositories
Julian Andres Klode
juliank at ubuntu.com
Tue May 10 18:05:53 UTC 2016
Maybe we should split this up into the AppStream related issue and the
signature error itself or repurpose it for the former? The AppStream
issue will be fixed soonish by invoking -Success even when some sources
failed - because some sources succeeded, so we have something new to
update from (and APT updates the cache anyway).
I'd like to not complicate this any further, the error message is very
useful otherwise, as users do not get notified about anything otherwise
(python clients just drop all warnings). Clients should not abort on an
error here anyway (for the reason given above), this instance is just
** Patch added: "Fix for the AppStream issue, currently in testing"
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
apt signature requierements prevent updates from some repositories
Status in appstream package in Ubuntu:
Status in apt package in Ubuntu:
Since xenial updated the requirements for the strength of PGP
signatures of packages, packages from some repositories are no longer
updated. Apt-get update reports these errors:
E: Failed to fetch http://[...]/Release No Hash entry in Release file /var/lib/apt/lists/partial/[...] which is considered strong enough for security purposes
E: Some index files failed to download. They have been ignored, or old ones used instead.
While the motivation for the change is valid, the result is a
potential security problem, as the new versions of the packages that
may fix recently discovered vulnerabilities are not automatically
One less important but unfortunate effect is a scary message that is
displayed to the user, without clear explanation that the problem
needs to be addressed by the repository owner.
Related: Bug #1558331
To manage notifications about this bug go to:
More information about the foundations-bugs