[Bug 1562733] Re: apt signature requierements prevent updates from some repositories

Julian Andres Klode juliank at ubuntu.com
Sun May 15 16:24:45 UTC 2016

Dropping the AppStream task, as that's more of an APT bug. With the SRU
and change in yakkety, appstream data is now generated even if some
updates failed.

Note that I chose not to close this bug report with those uploads, as
this bug report sort of keeps track of the larger problem of these error
class, and not the appstream-related aspect in particular.

With this most important problem gone, I consider marking this bug as
wontfix for xenial - Long term we will have a reworked handling of
untrusted repositories, but I think this is probably going to be to
invasive for xenial to backport.

** No longer affects: appstream (Ubuntu)

** No longer affects: appstream (Ubuntu Xenial)

You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.

  apt signature requierements prevent updates from some repositories

Status in apt package in Ubuntu:
  In Progress
Status in apt source package in Xenial:

Bug description:
  Since xenial updated the requirements for the strength of PGP
  signatures of packages, packages from some repositories are no longer
  updated. Apt-get update reports these errors:

  E: Failed to fetch http://[...]/Release  No Hash entry in Release file /var/lib/apt/lists/partial/[...] which is considered strong enough for security purposes
  E: Some index files failed to download. They have been ignored, or old ones used instead.

  While the motivation for the change is valid, the result is a
  potential security problem, as the new versions of the packages that
  may fix recently discovered vulnerabilities are not automatically

  One less important but unfortunate effect is a scary message that is
  displayed to the user, without clear explanation that the problem
  needs to be addressed by the repository owner.

  Related: Bug #1558331

To manage notifications about this bug go to:

More information about the foundations-bugs mailing list