I didn't realize cowbuilder supported handling GPG signatures at all, and I think there are patches floating around to support it.
At Sun, 23 Nov 2008 15:14:30 -0800, Vagrant Cascadian wrote: > > Package: cowdancer > Version: 0.47 > Severity: normal > File: /usr/sbin/cowbuilder > > when i ran "cowbuilder --update", i was surprised that it blindly installed > untrusted packages by default: > > cowbuilder --update > -> Copying COW directory > -> Invoking pbuilder > -> Running in no-targz mode > -> copying local configuration > -> mounting /proc filesystem > -> mounting /dev/pts filesystem > -> policy-rc.d already exists > Refreshing the base.tgz > -> upgrading packages > Get:1 http://127.0.0.1 sid Release.gpg [189B] > Get:2 http://127.0.0.1 sid Release [86.5kB] > Ign http://127.0.0.1 sid Release > Get:3 http://127.0.0.1 sid/main Packages/DiffIndex [2038B] > Get:4 http://127.0.0.1 sid/main 2008-11-21-0827.57.pdiff [2998B] > ...snip... > Get:18 http://127.0.0.1 sid/main 2008-11-23-0842.24.pdiff [6650B] > Ign http://127.0.0.1 sid/main 2008-11-23-2053.30.pdiff > Ign http://127.0.0.1 sid/main > Get:19 http://127.0.0.1 sid/main [7366kB] > Fetched 7478kB in 1min7s (110kB/s) > Reading package lists... Done > W: GPG error: http://127.0.0.1 sid Release: The following signatures were > invalid: BADSIG A70DAF536070D3A1 Debian Archive Automatic Signing Key > (4.0/etch) <[EMAIL PROTECTED]> > W: You may want to run apt-get update to correct these problems > dpkg - warning: ignoring request to remove lilo which isn't installed. > Reading package lists... Done > Building dependency tree > Reading state information... Done > Calculating upgrade... Done > The following packages will be upgraded: > login passwd > 2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. > Need to get 1727kB of archives. > After this operation, 0B of additional disk space will be used. > WARNING: The following packages cannot be authenticated! > login passwd > Get:1 http://127.0.0.1 sid/main login 1:4.1.1-6 [854kB] > Get:2 http://127.0.0.1 sid/main passwd 1:4.1.1-6 [872kB] > Fetched 1727kB in 11s (153kB/s) > debconf: delaying package configuration, since apt-utils is not installed > (Reading database ... 9868 files and directories currently installed.) > Preparing to replace login 1:4.1.1-5 (using .../login_1%3a4.1.1-6_i386.deb) > ... > > seems like this behavior shouldn't be default, but rather a configuration > option. > > live well, > vagrant > > -- System Information: > Debian Release: lenny/sid > APT prefers testing > APT policy: (500, 'testing'), (101, 'experimental') > Architecture: i386 (i686) > > Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core) > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/bash > > Versions of packages cowdancer depends on: > ii libc6 2.7-16 GNU C Library: Shared libraries > ii pbuilder 0.181 personal package builder for > Debia > > cowdancer recommends no packages. > > cowdancer suggests no packages. > > -- no debconf information > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
