[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian packages without md5sums

Daniel Burrows <dburrows@debian.org> writes:

> On Tue, Oct 02, 2007 at 09:02:41PM -0700, Carl Johnson <carlj@peak.org> was heard to say:
> > Daniel Burrows <dburrows@debian.org> writes:
> > >   dpkg performs no key checking, at least on packages in the Debian
> > > archive.  There was some experimental code to stick embedded signatures
> > > into .deb files, but I don't know what it's status is and packages
> > > containing signatures aren't allowed in the archive last I heard.
> > 
> > Is there some way to get the system to re-read the release file?  I
> > installed the key after I upgradeed the system to etch, so all
> > packages on my DVDs show as being unverified.  I have tried to get it
> > to clear that, but nothing I have tried has worked.  I also noticed
> > recently that some packages show multiple entries in aptitude, so
> > possibly clearing the entries would clear that.
>   I believe that just updating your package lists should do the trick.

That didn't seem to change anything.  I even commented out all lines
in the sources.list file before first doing an update.  That showed no
uninstalled files available, so I then did another apt-cdrom and
update.  That showed the available files, but I still got the
untrusted source warning.  I do have the debian-archive-keyring that
apt depends on.

I just noticed that I still have multiple entries in aptitude for some
of the installed files listed under 'Packages which depend on apt'.
For example apt shows 'debtags 1.6.6' twice.
Carl Johnson		carlj@peak.org

Reply to: