Re: Error getting backports indexes

[Thomas Goirand <thomas@goirand.fr>]

----- Original message -----
> * Thomas Goirand <zigo@debian.org> [2011-02-08 09:41:28 CET]:
> > On 02/08/2011 03:43 PM, Alexander Wirt wrote:
> > > > W: GPG error: http://backports.debian.org lenny-backports Release:
> > > > The following signatures were invalid: BADSIG 9AA38DCD55BE302B
> > > > Debian Archive Automatic Signing Key (5.0/lenny)
> > > > <ftpmaster@debian.org>
> > > I did a small check: the key mentioned here is included in one of
> > > the newer debian-archive-keyring packages available in lenny
> > > (currently 2010.08.28~lenny1 is available). Please take sure that
> > > you have the latest version of that packages from the lenny-archive
> > > installed. 
> > > 
> > > So there is no problem with bpo, my lenny boxes don't have problems
> > > with the key. 
> > 
> > Could it simply be that the archive is signed with 2 keys, and dpkg/apt
> > prints a warning when it shouldn't, but everything is fine, like said
> > earlier on some lists?
> 
>   Can you please test that before claiming so?

I wasn't claiming at all, but asking...

> The double-signature is
> long gone, and the key quoted above is part of the
> debian-archive-keyring package introduced in package version 2009.01.31,
> was uploaded to stable on 2010-08-29 through package version
> 2010.08.28~lenny1, and is part of the regular lenny pool since 5.0.6
> which was released on September 4th last year:
> <http://www.debian.org/News/2010/20100904>

Cool.

>   It would be very helpful if you couldn't spread rumours like that
> without any background information or at least basic level of checking
> done by yourself.

I don't think a sentence ending with a question
mark counts as "spreading rumours". I was only
trying to help by searching through possibilities,
without any certainty, it was a guess, denoted by
the question mark!

Thomas