Somewhere down during the development, apt has changed the way it verifies the gpg signatures.
For apt-offline, up till now, I had been using the Release.gpg files. Could someone explain what the new approach is? Or if it is documented, I can try that. I see no Release.gpg files in apt/lists/partial/ anymore. I've looked at http://wiki.debian.org/SecureApt but didn't find any new information. PS: Please CC me. I am not subscribed to the Deity list. On Monday 19 March 2012 09:28 PM, Ritesh Raj Sarraf wrote: > Package: apt-offline > Version: 1.1.1 > Severity: important > Tags: upstream > > > Seems like Wheezy has silently does some changes in the way they handle > signing the update packages for the update files. I have it on my list > but unfortunately haven't had the time to look into it. > > Meanwhile, the workaround it to use the --allow-unauthenticated option > in the install command > > > -- System Information: > Debian Release: wheezy/sid > APT prefers testing > APT policy: (990, 'testing'), (500, 'unstable'), (100, 'experimental') > Architecture: amd64 (x86_64) > > Kernel: Linux 3.2.0-2-amd64 (SMP w/2 CPU cores) > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > > Versions of packages apt-offline depends on: > ii apt 0.8.15.10 > ii less 444-2 > ii python 2.7.2-10 > ii python-argparse 1.2.1-2 > ii python2.6 2.6.7-4 > ii python2.7 [python-argparse] 2.7.3~rc1-1 > > apt-offline recommends no packages. > > apt-offline suggests no packages. > > -- no debconf information > > -- Ritesh Raj Sarraf | http://people.debian.org/~rrs Debian - The Universal Operating System
signature.asc
Description: OpenPGP digital signature