Bad signature for updated packages
Jochen Antesberger
jochen-2009-4thquarter at ozark.de
Wed Dec 9 23:03:18 UTC 2009
Am Wed, 09 Dec 2009 12:15:01 -0600 schrieb Leonard:
> Jochen Antesberger wrote:
>> I just did my ususual aptitude update session to install security
>> updates. Turns out that ntpdate updates fine, but the other three
>> candidates, gdm, devicekit-disks and seahorse-plugins cause a warning
>> that these packages are not trusted.
>>
>> Is there a problem on the Ubuntu servers (using the german mirror) or
>> do I have a corrupted file transfer there?
> Usually when I get that notice using aptitude it ask me if I want to
> install them or not.
> I usually just click yes to install as I know what's in my source.list
> file and intend to
> install whatever is available. I don;t use the German mirror but don't
> think you have
> a corrupted file or Ubuntu server issue. Usually you just have to
> accept the install to
> get the apps installed on your system.
Yes, I could override the message. I do that with self build packages on
my Debian machines, because I'm too lazy to sign them. But with official
packages the whole point of the setup is to prevent a compromised mirror
to put malign packages on my system. So while I suppose there is an
explanation for this I didn't want to just go ahead.
Anyway, since I never really dived into internals it took me a bit to
find where apt keeps the files I suspected to be corrupt and so they were
indeed. Made a backup, deleted them and reran aptitude update. No more
complaints.
Cheers!
More information about the ubuntu-users
mailing list