I'm thinking about merging my APT branch upstream and giving it some
testing on users.
For appstream, it might make sense to move the hook from APT::Update
::Post-Invoke-Success to APT::Update::Post-Invoke so it runs even if the
update errors - APT updates its cache as well, and makes sure the lists
directory is kept in a sane state.
** Also affects: appstream (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to appstream in Ubuntu.
https://bugs.launchpad.net/bugs/1562733
Title:
apt signature requierements prevent updates from some repositories
Status in appstream package in Ubuntu:
New
Status in apt package in Ubuntu:
In Progress
Bug description:
Since xenial updated the requirements for the strength of PGP
signatures of packages, packages from some repositories are no longer
updated. Apt-get update reports these errors:
E: Failed to fetch http://[...]/Release No Hash entry in Release file
/var/lib/apt/lists/partial/[...] which is considered strong enough for security
purposes
E: Some index files failed to download. They have been ignored, or old ones
used instead.
While the motivation for the change is valid, the result is a
potential security problem, as the new versions of the packages that
may fix recently discovered vulnerabilities are not automatically
installed.
One less important but unfortunate effect is a scary message that is
displayed to the user, without clear explanation that the problem
needs to be addressed by the repository owner.
Related: Bug #1558331
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/appstream/+bug/1562733/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
