apt-check-sigs and apt-get sig errors

To: <debian-security@lists.debian.org>
Subject: apt-check-sigs and apt-get sig errors
From: "Hedges, Mark" <visitmxh@rand.org>
Date: Mon, 28 Aug 2006 11:19:25 -0700
Message-id: <[🔎] ED857B54821B4442AFA01D80AD259585405505@smmail9.rand.org>

 
Is apt-check-sigs supposed to work with etch these days?  Does this mean
nothing works right, or am I compromised?  

I get sporadic complaints from `apt-get update` as well saying that the
packages are not signed with the right key.
 
-Mark
 
hedges-m:~# ./apt-check-sigs
 
Checking sources in /etc/apt/sources.list:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
You should take care to ensure that the distributions you're downloading
are the ones you think you are downloading, and that they are as up to
date as you would expect (testing and unstable should be no more than
two or three days out of date, stable-updates no more than a few weeks
or a month).
 
Source: deb http://ftp.us.debian.org/debian/ stable main non-free
contrib
  o Origin: Debian/Debian
  o Suite: stable/sarge
  o Date: Tue, 18 Apr 2006 13:17:42 UTC
  o Description: Debian 3.1r2 Released 17 April 2006
  * COULDN'T CHECK SIGNATURE BY KEYID: 010908312D230C5F
  * NO VALID SIGNATURE
  * PROBLEMS WITH main (OK, NOCHECK)
  * PROBLEMS WITH non-free (OK, NOCHECK)
  * PROBLEMS WITH contrib (OK, NOCHECK)
 
Source: deb http://ftp.us.debian.org/debian/ testing main non-free
contrib
  o Origin: Debian/Debian
  o Suite: testing/etch
  o Date: Sun, 27 Aug 2006 19:59:23 UTC
  o Description: Debian Testing distribution - Not Released
  * COULDN'T CHECK SIGNATURE BY KEYID: 010908312D230C5F
  * NO VALID SIGNATURE
  * PROBLEMS WITH main (OK, NOCHECK)
  * PROBLEMS WITH non-free (OK, NOCHECK)
  * PROBLEMS WITH contrib (OK, NOCHECK)
 
Source: deb http://security.debian.org/ stable/updates main contrib
non-free
  o Origin: Debian/Debian-Security
  o Suite: stable/sarge
  o Date: Mon, 28 Aug 2006 05:24:39 UTC
  o Description: Debian 3.1 Security Updates
  * COULDN'T CHECK SIGNATURE BY KEYID: 010908312D230C5F
  * NO VALID SIGNATURE
  * PROBLEMS WITH main (OK, NOCHECK)
  * PROBLEMS WITH contrib (OK, NOCHECK)
  * PROBLEMS WITH non-free (OK, NOCHECK)
 
Source: deb http://security.debian.org/ testing/updates main contrib
non-free
  o Origin: Debian/Debian-Security
  o Suite: testing/etch
  o Date: Mon, 28 Aug 2006 05:24:39 UTC
  o Description: Debian testing Security Updates
  * COULDN'T CHECK SIGNATURE BY KEYID: 010908312D230C5F
  * NO VALID SIGNATURE
  * PROBLEMS WITH main (OK, NOCHECK)
  * PROBLEMS WITH contrib (OK, NOCHECK)
  * PROBLEMS WITH non-free (OK, NOCHECK)
 
Results
~~~~~~~
 
find: warning: you have specified the -maxdepth option after a
non-option argument -type, but options are not positional (-maxdepth
affects tests specified before it as well as those specified after it).
Please specify options before other arguments.
 
The following files in /var/lib/apt/lists have not been validated.
This could turn out to be a harmless indication that this script is
buggy
or out of date, or it could let trojaned packages get onto your system.
 
    ftp.us.debian.org_debian_dists_stable_Release
    ftp.us.debian.org_debian_dists_stable_Release.gpg
 
ftp.us.debian.org_debian_dists_testing_contrib_binary-i386_Packages.Inde
xDiff
 
ftp.us.debian.org_debian_dists_testing_main_binary-i386_Packages.IndexDi
ff
 
ftp.us.debian.org_debian_dists_testing_non-free_binary-i386_Packages.Ind
exDiff
    ftp.us.debian.org_debian_dists_testing_Release
    ftp.us.debian.org_debian_dists_testing_Release.gpg
    security.debian.org_dists_stable_updates_Release
    security.debian.org_dists_testing_updates_Release
 
The contents of the following files in /var/lib/apt/lists could not be
validated due to the lack of a signed Release file, or the lack of an
appropriate entry in a signed Release file. This probably means that the
maintainers of these sources are slack, but may mean these sources are
being actively used to distribute trojans.  The files have been renamed
to have the extension .FAILED and will be ignored by apt.
 
    ftp.us.debian.org_debian_dists_stable_main_binary-i386_Packages
    ftp.us.debian.org_debian_dists_stable_non-free_binary-i386_Packages
    ftp.us.debian.org_debian_dists_stable_contrib_binary-i386_Packages
    ftp.us.debian.org_debian_dists_testing_main_binary-i386_Packages
    ftp.us.debian.org_debian_dists_testing_non-free_binary-i386_Packages
    ftp.us.debian.org_debian_dists_testing_contrib_binary-i386_Packages
    security.debian.org_dists_stable_updates_main_binary-i386_Packages
 
security.debian.org_dists_stable_updates_contrib_binary-i386_Packages
 
security.debian.org_dists_stable_updates_non-free_binary-i386_Packages
    security.debian.org_dists_testing_updates_main_binary-i386_Packages
 
security.debian.org_dists_testing_updates_contrib_binary-i386_Packages
 
security.debian.org_dists_testing_updates_non-free_binary-i386_Packages
 


--------------------

This email message is for the sole use of the intended recipient(s) and
may contain privileged information. Any unauthorized review, use,
disclosure or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply email and destroy all copies
of the original message.

Reply to:

Prev by Date: Re: Why is portmap installed by default?
Next by Date: La Juve fara ricorso al Tar. Matarrese ad Affari: "I calendari restano fissati al 30 agosto"
Previous by thread: axis
Next by thread: RE: apt-check-sigs and apt-get sig errors
Index(es):
- Date
- Thread