[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Error getting backports indexes

* Thomas Goirand <zigo@debian.org> [2011-02-08 09:41:28 CET]:
> On 02/08/2011 03:43 PM, Alexander Wirt wrote:
> >> W: GPG error: http://backports.debian.org lenny-backports Release: The following signatures were invalid: BADSIG 9AA38DCD55BE302B Debian Archive Automatic Signing Key (5.0/lenny) <ftpmaster@debian.org>
> > I did a small check: the key mentioned here is included in one of the newer
> > debian-archive-keyring packages available in lenny (currently
> > 2010.08.28~lenny1 is available). Please take sure that you have the latest
> > version of that packages from the lenny-archive installed. 
> > 
> > So there is no problem with bpo, my lenny boxes don't have problems with the
> > key. 
> Could it simply be that the archive is signed with 2 keys, and dpkg/apt
> prints a warning when it shouldn't, but everything is fine, like said
> earlier on some lists?

 Can you please test that before claiming so?  The double-signature is
long gone, and the key quoted above is part of the
debian-archive-keyring package introduced in package version 2009.01.31,
was uploaded to stable on 2010-08-29 through package version
2010.08.28~lenny1, and is part of the regular lenny pool since 5.0.6
which was released on September 4th last year:

 It would be very helpful if you couldn't spread rumours like that
without any background information or at least basic level of checking
done by yourself.  All three Release files available through backports
(lenny-backports, lenny-backports-sloppy and squeeze-backports) are
only signed with this very mentioned key.

"What are the differences between Mark Zuckerberg and me? I give private
 information on corporations to you for free, and I'm a villain.
 Zuckerberg gives your private information to corporations for money and
 he's Man of the Year."         -- Julian Assange

Reply to: