[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Repeatable apt-get WARNING: The following packages cannot be authenticated!


On Wed, Apr 16, 2014 at 09:49:23AM -0500, Richard Owlett wrote:

> root@debian:/home/richard# apt-get install pforth
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> The following NEW packages will be installed:
>   pforth
> 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
> Need to get 0 B/81.2 kB of archives.
> After this operation, 291 kB of additional disk space will be used.
> WARNING: The following packages cannot be authenticated!
>   pforth
> Install these packages without verification [y/N]?
> E: Some packages could not be authenticated
> root@debian:/home/richard# apt-get update
> Ign file: squeeze Release.gpg

Note those 'Ign' records for each ISO you're using.
Debian doesn't sign packages per se, they sign whole repository with
usual 'public key - private key' scheme.
'debian-keyring' package provides you with public keys, and of course
private keys are kept, well, private.
Apt (aptitude, synaptic, whatever tool you're using) will start to
complain if:

1) Repository is signed with unknown or untrusted key. See 'apt-key
list' output for the list of keys you're trusting.

2) Repository is signed with an expired key. Yes, each key have a lifetime.

3) Repository isn't signed at all.

IIRC Debian does not sign the repository they put on 'Official CD's at
all, hence this warning you're given.


Reply to: