Re: Debian packages without md5sums
Daniel Burrows <email@example.com> writes:
> On Tue, Oct 02, 2007 at 09:02:41PM -0700, Carl Johnson <firstname.lastname@example.org> was heard to say:
> > Daniel Burrows <email@example.com> writes:
> > > dpkg performs no key checking, at least on packages in the Debian
> > > archive. There was some experimental code to stick embedded signatures
> > > into .deb files, but I don't know what it's status is and packages
> > > containing signatures aren't allowed in the archive last I heard.
> > Is there some way to get the system to re-read the release file? I
> > installed the key after I upgradeed the system to etch, so all
> > packages on my DVDs show as being unverified. I have tried to get it
> > to clear that, but nothing I have tried has worked. I also noticed
> > recently that some packages show multiple entries in aptitude, so
> > possibly clearing the entries would clear that.
> I believe that just updating your package lists should do the trick.
That didn't seem to change anything. I even commented out all lines
in the sources.list file before first doing an update. That showed no
uninstalled files available, so I then did another apt-cdrom and
update. That showed the available files, but I still got the
untrusted source warning. I do have the debian-archive-keyring that
apt depends on.
I just noticed that I still have multiple entries in aptitude for some
of the installed files listed under 'Packages which depend on apt'.
For example apt shows 'debtags 1.6.6' twice.
Carl Johnson firstname.lastname@example.org