Re: APT authentication warning on wheezy
On Wed, Sep 4, 2013 at 8:37 PM, Florian Weimer <fw@deneb.enyo.de> wrote:
> On wheezy, after a day or so without running "apt-get update", I
> receive this warning when installing packages:
That should be roughly 7 days in testing and below.
Valid-Until doesn't exist in stable (=wheezy) at the moment.
And APT is checking the valid-until (currently) only in "update"
processes, so you either get that directly after an "update"
(with a noisy warning) or not at all.
Could it be that something is running updates "behind your back"?
(like in a cronjob or something)
> WARNING: The following packages cannot be authenticated!
> libassuan0 libksba8 pinentry-gtk2 gnupg-agent gnupg2
> Install these packages without verification [y/N]?
>
> Obviously, this is related to the stale mirror expiry mechanism.
>
> It's not clear to me what verifications are skipped when I answer yes.
> Is it just the up-to-date check, or more?
Assume nothing is checked.
APT will do checks it has data for non the less, but one link in the
secure-apt chain is broken, so the data can't be trusted.
Maybe someone tempered with the files, or someone prevents you
from getting (security) updates by sending you old files, …
Best regards
David Kalnischkies
Reply to: