apt-check-sigs and apt-get sig errors
Is apt-check-sigs supposed to work with etch these days? Does this mean
nothing works right, or am I compromised?
I get sporadic complaints from `apt-get update` as well saying that the
packages are not signed with the right key.
-Mark
hedges-m:~# ./apt-check-sigs
Checking sources in /etc/apt/sources.list:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
You should take care to ensure that the distributions you're downloading
are the ones you think you are downloading, and that they are as up to
date as you would expect (testing and unstable should be no more than
two or three days out of date, stable-updates no more than a few weeks
or a month).
Source: deb http://ftp.us.debian.org/debian/ stable main non-free
contrib
o Origin: Debian/Debian
o Suite: stable/sarge
o Date: Tue, 18 Apr 2006 13:17:42 UTC
o Description: Debian 3.1r2 Released 17 April 2006
* COULDN'T CHECK SIGNATURE BY KEYID: 010908312D230C5F
* NO VALID SIGNATURE
* PROBLEMS WITH main (OK, NOCHECK)
* PROBLEMS WITH non-free (OK, NOCHECK)
* PROBLEMS WITH contrib (OK, NOCHECK)
Source: deb http://ftp.us.debian.org/debian/ testing main non-free
contrib
o Origin: Debian/Debian
o Suite: testing/etch
o Date: Sun, 27 Aug 2006 19:59:23 UTC
o Description: Debian Testing distribution - Not Released
* COULDN'T CHECK SIGNATURE BY KEYID: 010908312D230C5F
* NO VALID SIGNATURE
* PROBLEMS WITH main (OK, NOCHECK)
* PROBLEMS WITH non-free (OK, NOCHECK)
* PROBLEMS WITH contrib (OK, NOCHECK)
Source: deb http://security.debian.org/ stable/updates main contrib
non-free
o Origin: Debian/Debian-Security
o Suite: stable/sarge
o Date: Mon, 28 Aug 2006 05:24:39 UTC
o Description: Debian 3.1 Security Updates
* COULDN'T CHECK SIGNATURE BY KEYID: 010908312D230C5F
* NO VALID SIGNATURE
* PROBLEMS WITH main (OK, NOCHECK)
* PROBLEMS WITH contrib (OK, NOCHECK)
* PROBLEMS WITH non-free (OK, NOCHECK)
Source: deb http://security.debian.org/ testing/updates main contrib
non-free
o Origin: Debian/Debian-Security
o Suite: testing/etch
o Date: Mon, 28 Aug 2006 05:24:39 UTC
o Description: Debian testing Security Updates
* COULDN'T CHECK SIGNATURE BY KEYID: 010908312D230C5F
* NO VALID SIGNATURE
* PROBLEMS WITH main (OK, NOCHECK)
* PROBLEMS WITH contrib (OK, NOCHECK)
* PROBLEMS WITH non-free (OK, NOCHECK)
Results
~~~~~~~
find: warning: you have specified the -maxdepth option after a
non-option argument -type, but options are not positional (-maxdepth
affects tests specified before it as well as those specified after it).
Please specify options before other arguments.
The following files in /var/lib/apt/lists have not been validated.
This could turn out to be a harmless indication that this script is
buggy
or out of date, or it could let trojaned packages get onto your system.
ftp.us.debian.org_debian_dists_stable_Release
ftp.us.debian.org_debian_dists_stable_Release.gpg
ftp.us.debian.org_debian_dists_testing_contrib_binary-i386_Packages.Inde
xDiff
ftp.us.debian.org_debian_dists_testing_main_binary-i386_Packages.IndexDi
ff
ftp.us.debian.org_debian_dists_testing_non-free_binary-i386_Packages.Ind
exDiff
ftp.us.debian.org_debian_dists_testing_Release
ftp.us.debian.org_debian_dists_testing_Release.gpg
security.debian.org_dists_stable_updates_Release
security.debian.org_dists_testing_updates_Release
The contents of the following files in /var/lib/apt/lists could not be
validated due to the lack of a signed Release file, or the lack of an
appropriate entry in a signed Release file. This probably means that the
maintainers of these sources are slack, but may mean these sources are
being actively used to distribute trojans. The files have been renamed
to have the extension .FAILED and will be ignored by apt.
ftp.us.debian.org_debian_dists_stable_main_binary-i386_Packages
ftp.us.debian.org_debian_dists_stable_non-free_binary-i386_Packages
ftp.us.debian.org_debian_dists_stable_contrib_binary-i386_Packages
ftp.us.debian.org_debian_dists_testing_main_binary-i386_Packages
ftp.us.debian.org_debian_dists_testing_non-free_binary-i386_Packages
ftp.us.debian.org_debian_dists_testing_contrib_binary-i386_Packages
security.debian.org_dists_stable_updates_main_binary-i386_Packages
security.debian.org_dists_stable_updates_contrib_binary-i386_Packages
security.debian.org_dists_stable_updates_non-free_binary-i386_Packages
security.debian.org_dists_testing_updates_main_binary-i386_Packages
security.debian.org_dists_testing_updates_contrib_binary-i386_Packages
security.debian.org_dists_testing_updates_non-free_binary-i386_Packages
--------------------
This email message is for the sole use of the intended recipient(s) and
may contain privileged information. Any unauthorized review, use,
disclosure or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply email and destroy all copies
of the original message.
Reply to: