
Re: amd64 stable release signature problems?



"Ed L. Cashin" <ecashin@coraid.com> writes:

> On Wed, Jul 26, 2006 at 12:14:30PM +0200, Goswin von Brederlow wrote:
>> "Ed L. Cashin" <ecashin@coraid.com> writes:
> ...
>> > I can get rid of the error that way, but I still am curious about why
>> > there's a bad signature on the release file for the amd64 stable APT
>> > repository.
>> 
>> But sarge users will still have it.
>
> You mean amd64 sarge users still have a BADSIG error when running
> apt-get update?
>
>   makki:/home/ecashin# apt-get update
> ...
>   Reading package lists... Done
>   W: GPG error: http://amd64.debian.net stable Release: The following signatures were invalid: BADSIG E415B2B4B5F5BBED Debian AMD64 Archive Key <debian-amd64@lists.debian.org>
>   W: You may want to run apt-get update to correct these problems

With the exception that sarge apt-get does not run the gpg test.

> If not, I suppose sarge isn't using the public key crypto stuff, which
> would explain why this still hasn't been fixed.  However, then the
> question would be: if sarge isn't using public key crypto, why is the
> release file signed at all?

Debmirror or reprepro do use the signature, and so does anyone that
cares to check. It could even be that debian-cd checks too before
building a CD.

> So if the Release file has a bad signature, who would be the one to
> remove the signature?  I wouldn't mind contacting that person.

Ganneff or aba on IRC.

MfG
        Goswin
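
An added example, not part of the original message: a small triage script for the `W: GPG error:` warnings that `apt-get update` prints, separating a BADSIG (the case in this thread) from a missing or expired key. The function name `triage`, the second sample line, its host and its key ID are constructed for illustration.

```python
import re

# apt relays gpg status tokens in its "W: GPG error:" warnings.
MEANING = {
    "BADSIG": "key is known, but the signature does not match the Release file",
    "NO_PUBKEY": "signing key is not in the keyring, so nothing was verified",
    "EXPKEYSIG": "signature is good but was made with an expired key",
}
LINE = re.compile(
    r"^W: GPG error: (?P<uri>\S+) (?P<suite>\S+) (?:In)?Release: (?P<rest>.*)$"
)
TOKEN = re.compile(r"\b(BADSIG|NO_PUBKEY|EXPKEYSIG) ([0-9A-F]{16})\b")

# The first warning is the one quoted in the thread; the second is constructed
# (placeholder host and key ID) to show a different failure class.
SAMPLE = """\
  Reading package lists... Done
  W: GPG error: http://amd64.debian.net stable Release: The following signatures were invalid: BADSIG E415B2B4B5F5BBED Debian AMD64 Archive Key <debian-amd64@lists.debian.org>
  W: GPG error: http://mirror.example.org testing Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0123456789ABCDEF
  W: You may want to run apt-get update to correct these problems
"""


def triage(output):
    """Return one finding per (repository, status token) in apt-get output."""
    findings = []
    for raw in output.splitlines():
        m = LINE.match(raw.strip())
        if m is None:
            continue  # not a GPG warning line
        # One warning can carry several tokens (e.g. two missing keys).
        for status, keyid in TOKEN.findall(m.group("rest")):
            findings.append({
                "uri": m.group("uri"),
                "suite": m.group("suite"),
                "status": status,
                "keyid": keyid,
                "meaning": MEANING[status],
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['uri']} {f['suite']}: {f['status']} {f['keyid']} ({f['meaning']})")
```

A BADSIG finding means the key was found and the check ran, so the Release file and its signature disagree; a NO_PUBKEY finding means no check took place at all.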


