[Bug 1562733] Re: apt signature requierements prevent updates from some repositories

Julian Andres Klode juliank at ubuntu.com
Tue May 10 18:05:53 UTC 2016 

Maybe we should split this up into the AppStream related issue and the
signature error itself or repurpose it for the former? The AppStream
issue will be fixed soonish by invoking -Success even when some sources
failed - because some sources succeeded, so we have something new to
update from (and APT updates the cache anyway).

I'd like to not complicate this any further, the error message is very
useful otherwise, as users do not get notified about anything otherwise
(python clients just drop all warnings). Clients should not abort on an
error here anyway (for the reason given above), this instance is just
more common.

** Patch added: "Fix for the AppStream issue, currently in testing"
   https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1562733/+attachment/4660036/+files/0001-update-Run-Post-Invoke-Success-if-not-all-sources-fa.patch

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1562733

Title:
  apt signature requierements prevent updates from some repositories

Status in appstream package in Ubuntu:
  Triaged
Status in apt package in Ubuntu:
  In Progress

Bug description:
  Since xenial updated the requirements for the strength of PGP
  signatures of packages, packages from some repositories are no longer
  updated. Apt-get update reports these errors:

  E: Failed to fetch http://[...]/Release  No Hash entry in Release file /var/lib/apt/lists/partial/[...] which is considered strong enough for security purposes
  E: Some index files failed to download. They have been ignored, or old ones used instead.

  While the motivation for the change is valid, the result is a
  potential security problem, as the new versions of the packages that
  may fix recently discovered vulnerabilities are not automatically
  installed.

  One less important but unfortunate effect is a scary message that is
  displayed to the user, without clear explanation that the problem
  needs to be addressed by the repository owner.

  Related: Bug #1558331

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/appstream/+bug/1562733/+subscriptions

More information about the foundations-bugs mailing list