[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: amd64 stable release signature problems?

"Ed L. Cashin" <ecashin@coraid.com> writes:

> On Wed, Jul 26, 2006 at 12:14:30PM +0200, Goswin von Brederlow wrote:
>> "Ed L. Cashin" <ecashin@coraid.com> writes:
> ...
>> > I can get rid of the error that way, but I still am curious about why
>> > there's a bad signature on the release file for the amd64 stable APT
>> > repository.
>> But sarge users will still have it.
> You mean amd64 sarge users still have a BADSIG error when running
> apt-get update?
>   makki:/home/ecashin# apt-get update
> ...
>   Reading package lists... Done
>   W: GPG error: http://amd64.debian.net stable Release: The following signatures were invalid: BADSIG E415B2B4B5F5BBED Debian AMD64 Archive Key <debian-amd64@lists.debian.org>
>   W: You may want to run apt-get update to correct these problems

With the exception that sarge apt-get does not run the gpg test.

> If not, I suppose sarge isn't using the public key crypto stuff, which
> would explain why this still hasn't been fixed.  However, then the
> question would be: if sarge isn't using public key crypto, why is the
> release file signed at all?

Debmirror or reprepro do use the signature and anyone that cares to
check. It could even be that debian-cd does check too before building
a cd.

> So if the Release file has a bad signature, who would be the one to
> remove the signature?  I wouldn't mind contacting that person.

Ganneff or aba on irc.


Reply to: