On Wed, Apr 16, 2014 at 09:49:23AM -0500, Richard Owlett wrote:
root@debian:/home/richard# apt-get install pforth
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/81.2 kB of archives.
After this operation, 291 kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
Install these packages without verification [y/N]?
E: Some packages could not be authenticated
root@debian:/home/richard# apt-get update
Ign file: squeeze Release.gpg
Note those 'Ign' records for each ISO you're using.
Debian doesn't sign packages per se; they sign the whole repository with
the usual 'public key - private key' scheme.
The 'debian-keyring' package provides you with the public keys, and of course
the private keys are kept, well, private.
Apt (aptitude, synaptic, whatever tool you're using) will start to
1) Repository is signed with unknown or untrusted key. See 'apt-key
list' output for the list of keys you're trusting.
2) Repository is signed with an expired key. Yes, each key has a lifetime.
3) Repository isn't signed at all.
IIRC Debian does not sign the repository they put on 'Official CD's at
all, hence this warning you're given.
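
The three cases listed above can be told apart by looking at a repository's Release files directly. The script below is an added example, not part of the original message: it checks a `dists/<suite>` directory for a signature and maps `gpgv --status-fd` output onto those cases. The function names, verdict strings and the precedence between status lines are this example's own choices, and the keyring path is whatever keyring you decide to trust.

```shell
#!/bin/sh
# Added example: classify why a repository would count as unauthenticated.
# Verdict names are this example's own, not apt's.

# classify_status: read `gpgv --status-fd` lines on stdin, print one verdict.
# Precedence is this example's policy: any bad signature wins, then any
# good signature from a key in the keyring, then expired, then unknown key.
classify_status() {
    status=$(cat)
    case "$status" in
        *"[GNUPG:] BADSIG "*)     echo "bad-signature" ;;
        *"[GNUPG:] GOODSIG "*)    echo "trusted" ;;
        *"[GNUPG:] EXPKEYSIG "*|*"[GNUPG:] KEYEXPIRED "*)
                                  echo "expired-key" ;;      # case 2
        *"[GNUPG:] NO_PUBKEY "*)  echo "unknown-key" ;;      # case 1
        *)                        echo "unverifiable" ;;
    esac
}

# check_repo DIR KEYRING
#   DIR     - a dists/<suite> directory holding Release (and maybe Release.gpg)
#   KEYRING - path to a keyring file containing the keys you trust
check_repo() {
    dir=$1
    keyring=$2
    if [ -f "$dir/InRelease" ]; then
        # Clearsigned Release file: signature and data are in one file.
        gpgv --status-fd 1 --keyring "$keyring" "$dir/InRelease" \
            2>/dev/null | classify_status
    elif [ -f "$dir/Release.gpg" ]; then
        # Detached signature over Release.
        gpgv --status-fd 1 --keyring "$keyring" \
            "$dir/Release.gpg" "$dir/Release" 2>/dev/null | classify_status
    else
        echo "unsigned"                                      # case 3
    fi
}

# Run as: script.sh /path/to/dists/<suite> /path/to/keyring.gpg
if [ "$#" -eq 2 ]; then
    check_repo "$1" "$2"
fi
```
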