[Bug 1562733] Re: apt signature requirements prevent updates from some repositories
Julian Andres Klode
juliank at ubuntu.com
Sun May 15 16:24:45 UTC 2016
Dropping the AppStream task, as that's more of an APT bug. With the SRU
and change in yakkety, appstream data is now generated even if some
Note that I chose not to close this bug report with those uploads, as
this bug report sort of keeps track of the larger problem of this error
class, and not the appstream-related aspect in particular.
With this most important problem gone, I consider marking this bug as
wontfix for xenial. Long term we will have a reworked handling of
untrusted repositories, but I think this is probably going to be too
invasive for xenial to backport.
** No longer affects: appstream (Ubuntu)
** No longer affects: appstream (Ubuntu Xenial)
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
apt signature requirements prevent updates from some repositories
Status in apt package in Ubuntu:
Status in apt source package in Xenial:
Since xenial updated the requirements for the strength of PGP
signatures of packages, packages from some repositories are no longer
updated. Apt-get update reports these errors:
E: Failed to fetch http://[...]/Release No Hash entry in Release file /var/lib/apt/lists/partial/[...] which is considered strong enough for security purposes
E: Some index files failed to download. They have been ignored, or old ones used instead.
While the motivation for the change is valid, the result is a
potential security problem, as the new versions of the packages that
may fix recently discovered vulnerabilities are not automatically
One less important but unfortunate effect is a scary message that is
displayed to the user, without clear explanation that the problem
needs to be addressed by the repository owner.
Related: Bug #1558331
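Added example, not part of the bug report or of APT's own code: a check a repository owner could run against their Release file to see whether it carries any populated checksum section strong enough to avoid the "No Hash entry in Release file" error quoted above. It assumes SHA256 and SHA512 are the fields treated as strong and MD5Sum and SHA1 as weak (the report does not list them); the function names and sample Release texts are constructed for illustration.

```python
import re

# Assumption (not stated in the report): SHA256/SHA512 are accepted as
# strong, MD5Sum/SHA1 are not.
STRONG = {"SHA256", "SHA512"}
WEAK = {"MD5Sum", "SHA1"}

def hash_sections(release_text):
    """Map each checksum field in a Release file to its number of entries."""
    sections, current = {}, None
    for line in release_text.splitlines():
        if line.startswith((" ", "\t")):
            # Continuation line "<digest> <size> <path>" of the open field.
            if current is not None and len(line.split()) == 3:
                sections[current] += 1
            continue
        m = re.match(r"([A-Za-z0-9-]+):", line)
        current = None
        if m and m.group(1) in (STRONG | WEAK):
            current = m.group(1)
            sections.setdefault(current, 0)
    return sections

def audit(release_text):
    """Report which populated checksum sections are strong or weak."""
    found = hash_sections(release_text)
    strong = sorted(f for f, n in found.items() if f in STRONG and n)
    weak = sorted(f for f, n in found.items() if f in WEAK and n)
    return {"strong": strong, "weak": weak, "acceptable": bool(strong)}

# Constructed sample inputs (digests are those of an empty file).
WEAK_ONLY = """Origin: example
Suite: stable
MD5Sum:
 d41d8cd98f00b204e9800998ecf8427e 0 main/binary-amd64/Packages
SHA1:
 da39a3ee5e6b4b0d3255bfef95601890afd80709 0 main/binary-amd64/Packages
"""
FIXED = WEAK_ONLY + """SHA256:
 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 0 main/binary-amd64/Packages
"""

if __name__ == "__main__":
    for name, text in (("weak-only", WEAK_ONLY), ("fixed", FIXED)):
        print(name, audit(text))
```

A section header with no entries under it is reported as absent, so an empty `SHA256:` field does not count as acceptable.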