Hi folks, This new signature stuff in apt sux. It is complaining without need, it lies about how a broken/missing key can be fixed, and it scares novice users away. Some things that might be considered to be improved: - a web page describing how to get rid of the error message (and maybe listing some reasons why this signature check is so important). - make the signature check a configurable option - make it transparent - fix the lying error message (#316915) Currently I get an error message about http.us.debian.org saying: # apt-get update : : Reading package lists... Done W: GPG error: http://http.us.debian.org unstable Release: The following signatures were invalid: BADSIG F1D53D8C4F368D5D Debian Archive Automatic Signing Key (2005) <ftpmaster@debian.org> W: You may want to run apt-get update to correct these problems There is no such error message for using ftp.de.debian.org. Anyway, 'apt-key list' says that F1D53D8C4F368D5D expires on 2006-01-31, so why does apt complain? Regards Harri
Attachment:
signature.asc
Description: OpenPGP digital signature