Bug#848146: apt: Invalid signatures after apt upgrade to v1.4
Control: severity -1 minor
On Wed, Dec 14, 2016 at 05:13:04PM +0100, Pavel Reznicek wrote:
> Package: apt
> Version: 1.4~beta2
> Severity: normal
>
> Dear Maintainer,
>
> since apt upgrade to version 1.4, a number of apt sources got invalidated due
> to problems with the signing keys. E.g.:
>
> W: GPG error: http://ftp.linuxfoundation.org/pub/lsb/repositories/debian lsb-5.0 Release: The following signatures were invalid: 2CA3AB2B48F891B085EB33789B14C1F62CF4470F
>
> For some reason, there is no indication what kind of problem it actually is
> (BADSIG etc.). Is ithis a bug, or does it indicate some obsoleteness of the
> keys of the repositories ?
It means that the signature is not trusted anymore. This is the same thing
that should have caused a warning before about weak hashes. It does a bad
job explaining the reason though, we might want to improve that.
--
Debian Developer - deb.li/jak | jak-linux.org - free software dev
| Ubuntu Core Developer |
When replying, only quote what is necessary, and write each reply
directly below the part(s) it pertains to ('inline'). Thank you.
Reply to: