Bug#923668: apt update says "Signed file isn't valid", but apt-key verify passes
Julian Andres Klode <jak@debian.org> writes:
>
> The Release.gpg must be ASCII armored, as documented in:
>
> https://wiki.debian.org/DebianRepository/Format#A.22Release.22_files
>
> Following the recent CVE, checks were added that the Release.gpg
> contains only such signatures, to prevent hiding packages (or other
> things for that matter) in there.
OK, good to know there's an easy fix. Should the documentation for
apt-key ("SUPPORTED KEYRING FILES") be updated? I'm not very happy with
the wiki as the primary/only documentation.
cheers,
d
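A pre-publication lint for the rule described in the quoted message, as an added example that is not part of this thread and is not apt's own check: it flags a binary (unarmored) Release.gpg and any content outside `-----BEGIN PGP SIGNATURE-----` blocks. The function name and the sample byte strings are constructed for illustration, and the checks approximate the ASCII-armor layout rather than reproduce apt's parser.

```python
import base64
import re

BEGIN = "-----BEGIN PGP SIGNATURE-----"
END = "-----END PGP SIGNATURE-----"
ARMOR_HEADER = re.compile(r"^[A-Za-z]+: .*$")   # e.g. "Version: ..." or "Comment: ..."
CRC_LINE = re.compile(r"^=[A-Za-z0-9+/]{4}$")   # optional CRC-24 line before END
# Constructed sample inputs (the payload is NOT a real OpenPGP signature packet).
GOOD = (BEGIN + "\n\n" + base64.b64encode(
    b"constructed bytes, not a real signature").decode() + "\n" + END + "\n").encode()
BINARY = b"\x89\x01\x33\x04\x00"                # constructed non-ASCII bytes
TRAILING = GOOD + b"extra data appended after the signature\n"

def lint_release_gpg(data: bytes) -> list[str]:
    """Return a list of problems; an empty list means the file passes this lint."""
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return ["not ASCII: looks like a binary (unarmored) signature"]
    problems, blocks = [], 0
    inside, in_headers, body = False, False, []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.rstrip()
        if not inside:
            if line == BEGIN:
                inside, in_headers, body = True, True, []
            elif line:                           # anything else outside a block
                problems.append(f"line {n}: content outside a signature block")
        elif line == END:
            inside, blocks = False, blocks + 1
            try:
                if not base64.b64decode("".join(body), validate=True):
                    problems.append(f"line {n}: empty signature block")
            except ValueError:                   # binascii.Error is a ValueError
                problems.append(f"line {n}: signature body is not valid base64")
        elif in_headers:
            if line == "":
                in_headers = False               # blank line ends the armor headers
            elif not ARMOR_HEADER.match(line):
                problems.append(f"line {n}: expected armor header or blank line")
        elif not CRC_LINE.match(line):
            body.append(line)                    # base64 payload line
    if inside:
        problems.append("unterminated signature block")
    if blocks == 0 and not problems:
        problems.append("no armored signature found")
    return problems
```

Passing this lint says nothing about whether the signature verifies; it only checks the container shape that the quoted message says is required.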