John Summerfield wrote:
I would guess that the packages are unsigned (??) or failed their md5sum check.
Or rather the Release file is unsigned.
I would do one of two things:a. File a bug report on it. This is an excellent way of ensuring the maintainer(s) know about it and is in line with Debian's policy of no secretsb. Ask the maintainer what's going on. Chris Metcalf wrote:I've been getting the strangest error from apt-get lately:
apt-get version: ------- root@fallenidol:/home/krezel# apt-get --version apt 0.6.25 for linux i386 compiled on Jun 9 2004 05:37:07
So you installed the experimental version. But experimental wasn't listed in your sources.list. Presumably this was intentional and you know how this happened. Do you have /var/lib/apt/lists/mirrors.kernel.org_debian_dists_unstable_Release.gpg and /var/lib/apt/lists/mirrors.kernel.org_debian_dists_unstable_Release files[or similar]? Can you manually verify that the signature is valid? Does 'apt-key list' list the appropriate archive signing keys?
Curiously, even though I have invalid Release.gpg/Release pairs[the md5sums listed in the Release files don't match the Packages file they are supposed to correspond to[because they are 6 months older than the actual Packages files, this happens because I don't bother to apt-get update in my chroot, I just copy the lists over from my main install, but my main install has apt 0.5.26 so it doesn't fetch new Release/Release.gpg files], apt-get(0.6.25) doesn't give me any authentication warnings and installs just proceed normally. If I delete the Release.gpg files entirely, than I do start to get authentication warnings.
Attachment:
signature.asc
Description: OpenPGP digital signature