Somewhere down during the development, apt has changed the way it
verifies the gpg signatures. For apt-offline, up till now, I had been using the Release.gpg files. Could someone explain what the new approach is? Or if it is documented, I can try that. I see no Release.gpg files in apt/lists/partial/ anymore. I've looked at http://wiki.debian.org/SecureApt but didn't find any new information. PS: Please CC me. I am not subscribed to the Deity list. On Monday 19 March 2012 09:28 PM, Ritesh Raj Sarraf wrote: Package: apt-offline Version: 1.1.1 Severity: important Tags: upstream Seems like Wheezy has silently does some changes in the way they handle signing the update packages for the update files. I have it on my list but unfortunately haven't had the time to look into it. Meanwhile, the workaround it to use the --allow-unauthenticated option in the install command -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (100, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-2-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages apt-offline depends on: ii apt 0.8.15.10 ii less 444-2 ii python 2.7.2-10 ii python-argparse 1.2.1-2 ii python2.6 2.6.7-4 ii python2.7 [python-argparse] 2.7.3~rc1-1 apt-offline recommends no packages. apt-offline suggests no packages. -- no debconf information -- Ritesh Raj Sarraf | http://people.debian.org/~rrs Debian - The Universal Operating System |
Attachment:
signature.asc
Description: OpenPGP digital signature