[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Repeatable apt-get WARNING: The following packages cannot be authenticated!

Reco wrote:

On Wed, Apr 16, 2014 at 09:49:23AM -0500, Richard Owlett wrote:

root@debian:/home/richard# apt-get install pforth
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/81.2 kB of archives.
After this operation, 291 kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
Install these packages without verification [y/N]?
E: Some packages could not be authenticated
root@debian:/home/richard# apt-get update
Ign file: squeeze Release.gpg

Note those 'Ign' records for each ISO you're using.
Debian doesn't sign packages per se, they sign whole repository with
usual 'public key - private key' scheme.
'debian-keyring' package provides you with public keys, and of course
private keys are kept, well, private.
Apt (aptitude, synaptic, whatever tool you're using) will start to
complain if:

1) Repository is signed with unknown or untrusted key. See 'apt-key
list' output for the list of keys you're trusting.

2) Repository is signed with an expired key. Yes, each key have a lifetime.

3) Repository isn't signed at all.

IIRC Debian does not sign the repository they put on 'Official CD's at
all, hence this warning you're given.


Yeah BUT ;(
I get NO errors or warnings when apt-get uses the physical DVDs from which the loop mounted iso's were created.

Reply to: