Re: Untrusted packages

2009-05-12 Thread Chris Bannister 
On Sun, May 10, 2009 at 01:24:32AM -0500, M. Lewis wrote:
> I'm running Sid. I'm trying to install sun-java6-plugin, but aptitude is  
> giving me 'untrusted package' warnings:
>
> moe:~# aptitude install sun-java6-plugin
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> Reading extended state information
> Initializing package states... Done
> Reading task descriptions... Done
> The following NEW packages will be installed:
>   odbcinst1debian1{a} sun-java6-bin{a} sun-java6-jre{a} sun-java6-plugin 
> unixodbc{a}
> 0 packages upgraded, 5 newly installed, 0 to remove and 7 not upgraded.
> Need to get 33.5MB of archives. After unpacking 96.2MB will be used.
> Do you want to continue? [Y/n/?]
> WARNING: untrusted versions of the following packages will be installed!

apt-cache policy sun-java6-plugin
will tell you which repository it wants to install from.

-- 
Chris.
==
I contend that we are both atheists. I just believe in one fewer god
than you do. When you understand why you dismiss all the other
possible gods, you will understand why I dismiss yours.
   -- Stephen F Roberts


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: Untrusted packages

2009-05-10 Thread M. Lewis 

Jochen Schulz wrote:

M. Lewis:

WARNING: untrusted versions of the following packages will be installed!


This can always happen if your (aptitude|apt-get) update happens in the
middle of your mirror being updated from the main repository. Maybe you
just need to update again.

J.


Good to know Jochen! Thanks, apparently that was it. Today the install 
went fine, no warnings.


Thanks,
Mike

--

 RAM DISK is not an installation procedure!
  20:20:01 up 5 days, 22:49,  2 users,  load average: 0.33, 0.52, 0.55

 Linux Registered User #241685  http://counter.li.org


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: Untrusted packages

2009-05-10 Thread Jochen Schulz 
M. Lewis:
>
> WARNING: untrusted versions of the following packages will be installed!

This can always happen if your (aptitude|apt-get) update happens in the
middle of your mirror being updated from the main repository. Maybe you
just need to update again.

J.
-- 
I'm being paid to act weirdly.
[Agree]   [Disagree]
 


signature.asc
Description: Digital signature

Re: Untrusted packages

2009-05-10 Thread Tzafrir Cohen 
On Sun, May 10, 2009 at 01:24:32AM -0500, M. Lewis wrote:
> I'm running Sid. I'm trying to install sun-java6-plugin, but aptitude is  
> giving me 'untrusted package' warnings:
>
> moe:~# aptitude install sun-java6-plugin
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> Reading extended state information
> Initializing package states... Done
> Reading task descriptions... Done
> The following NEW packages will be installed:
>   odbcinst1debian1{a} sun-java6-bin{a} sun-java6-jre{a} sun-java6-plugin 

What version of Debian is it? Any reason for not using openjdk packages
from the main repository?

-- 
Tzafrir Cohen | tzaf...@jabber.org | VIM is
http://tzafrir.org.il || a Mutt's
tzaf...@cohens.org.il ||  best
ICQ# 16849754 || friend


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: Untrusted packages

2009-05-10 Thread M. Lewis 


Harry Rickards wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 05/10/09 07:24, M. Lewis wrote:

I'm running Sid. I'm trying to install sun-java6-plugin, but aptitude is
giving me 'untrusted package' warnings:




[..snip..]



Thanks,
Mike



What repository are you installing these packages from? Cat your
sources.list for us, and copy it into Pastebin. (cat /etc/sources.list)
Thanks.

- -- 
Many thanks

Harry Rickards



Pastebin thinks it's spam for some reason.

I'm running approx on another server. The approx config is:

rattler:~# cat /etc/approx/approx.conf
# Here are some examples of remote repository mappings.
# See http://www.debian.org/mirror/list for mirror sites.
#
#debian http://ftp.debian.org/debian
#security   http://security.debian.org/debian-security
#volatile   http://volatile.debian.org/debian-volatile

#
# These are the settings for use with approx
#
#debian http://gulus.usherbrooke.ca/debian/
#debian http://mirrors.xmission.com/debian
debian  http://mirrors.acm.jhu.edu/debian/
securityhttp://security.debian.org/debian-security
deb-src http://security.debian.org/debian
volatilehttp://volatile.debian.org/debian-volatile


#debian ftp://ftp.debian.org/debian experimental main contrib 
non-free
#deb-srcftp://ftp.debian.org/debian experimental main 
contrib non-free


virtualbox  http://download.virtualbox.org/virtualbox/debian


--

 REALITY.DAT not found. Atempting to restore Universe..
  04:25:01 up 5 days,  6:54,  2 users,  load average: 0.75, 0.99, 0.86

 Linux Registered User #241685  http://counter.li.org


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: Untrusted packages

2009-05-10 Thread Harry Rickards 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 05/10/09 07:24, M. Lewis wrote:
> I'm running Sid. I'm trying to install sun-java6-plugin, but aptitude is
> giving me 'untrusted package' warnings:
> 
> moe:~# aptitude install sun-java6-plugin
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> Reading extended state information
> Initializing package states... Done
> Reading task descriptions... Done
> The following NEW packages will be installed:
>   odbcinst1debian1{a} sun-java6-bin{a} sun-java6-jre{a} sun-java6-plugin
> unixodbc{a}
> 0 packages upgraded, 5 newly installed, 0 to remove and 7 not upgraded.
> Need to get 33.5MB of archives. After unpacking 96.2MB will be used.
> Do you want to continue? [Y/n/?]
> WARNING: untrusted versions of the following packages will be installed!
> 
> Untrusted packages could compromise your system's security.
> You should only proceed with the installation if you are certain that
> this is what you want to do.
> 
>   odbcinst1debian1 sun-java6-bin unixodbc sun-java6-jre sun-java6-plugin
> 
> Do you want to ignore this warning and proceed anyway?
> To continue, enter "Yes"; to abort, enter "No": n
> Unrecognized input.  Enter either "Yes" or "No".
> Do you want to ignore this warning and proceed anyway?
> To continue, enter "Yes"; to abort, enter "No": no
> Abort.
> 
> 
> A search of the archives recommends that I have the
> debian-archive-keyring installed. Which I do have installed:
> moe:~# dpkg -l | grep keyring
> ii  debian-archive-keyring   2009.01.31 GnuPG
> archive keys of the Debian archive
> ii  debian-keyring   2009.04.04 GnuPG
> (and obsolete PGP) keys of Debian Deve
> ii  gnome-keyring2.26.0-4 GNOME
> keyring services (daemon and tools)
> ii  libgnome-keyring02.26.0-4 GNOME
> keyring services library
> ii  libpam-gnome-keyring 2.26.0-4 PAM module
> to unlock the GNOME keyring upon
> ii  python-gnomekeyring  2.24.1-1+b3 Python
> bindings for the GNOME keyring librar
> 
> 
> So I'm not sure why I'm getting these warnings. What do I need to do to
> correct these warnings?
> 
> Thanks,
> Mike
> 
> 
What repository are you installing these packages from? Cat your
sources.list for us, and copy it into Pastebin. (cat /etc/sources.list)
Thanks.

- -- 
Many thanks
Harry Rickards

- -BEGIN GEEK CODE BLOCK-
Version: 3.1
GAT/GCM/GCS/GCC/GIT/GM d? s: a? C UL P- L+++ E--- W+++ N o K+
w--- O- M- V- PS+  PE Y+ PGP++ t 5 X R tv-- b+++ DI D G e* h! !r y?
- --END GEEK CODE BLOCK--
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkoGlxYACgkQ1kZz3mRu0GoLegCeKwwJ8AfP/5yq/36ZGv90zqiQ
TF8An1Dw7rwzHCx59u7aWqAzhJVo29bf
=DJZK
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Untrusted packages

2009-05-09 Thread M. Lewis 
I'm running Sid. I'm trying to install sun-java6-plugin, but aptitude is 
giving me 'untrusted package' warnings:


moe:~# aptitude install sun-java6-plugin
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reading extended state information
Initializing package states... Done
Reading task descriptions... Done
The following NEW packages will be installed:
  odbcinst1debian1{a} sun-java6-bin{a} sun-java6-jre{a} 
sun-java6-plugin unixodbc{a}

0 packages upgraded, 5 newly installed, 0 to remove and 7 not upgraded.
Need to get 33.5MB of archives. After unpacking 96.2MB will be used.
Do you want to continue? [Y/n/?]
WARNING: untrusted versions of the following packages will be installed!

Untrusted packages could compromise your system's security.
You should only proceed with the installation if you are certain that
this is what you want to do.

  odbcinst1debian1 sun-java6-bin unixodbc sun-java6-jre sun-java6-plugin

Do you want to ignore this warning and proceed anyway?
To continue, enter "Yes"; to abort, enter "No": n
Unrecognized input.  Enter either "Yes" or "No".
Do you want to ignore this warning and proceed anyway?
To continue, enter "Yes"; to abort, enter "No": no
Abort.


A search of the archives recommends that I have the 
debian-archive-keyring installed. Which I do have installed:

moe:~# dpkg -l | grep keyring
ii  debian-archive-keyring   2009.01.31 
GnuPG archive keys of the Debian archive
ii  debian-keyring   2009.04.04 
GnuPG (and obsolete PGP) keys of Debian Deve
ii  gnome-keyring2.26.0-4 
GNOME keyring services (daemon and tools)
ii  libgnome-keyring02.26.0-4 
GNOME keyring services library
ii  libpam-gnome-keyring 2.26.0-4 
PAM module to unlock the GNOME keyring upon
ii  python-gnomekeyring  2.24.1-1+b3 
Python bindings for the GNOME keyring librar



So I'm not sure why I'm getting these warnings. What do I need to do to 
correct these warnings?


Thanks,
Mike


--

 UNIX is many things to many people, but it has never been everything 
to anybody.

  01:15:01 up 5 days,  3:44,  2 users,  load average: 0.98, 0.90, 0.89

 Linux Registered User #241685  http://counter.li.org


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: Help needed in removing warning: "Untrusted packages could ..."

2007-12-28 Thread s. keeling 
Andrei Popescu <[EMAIL PROTECTED]>:
>  On Fri, Dec 28, 2007 at 01:03:20AM +0100, s. keeling wrote:
> > Gabriel Parrondo <[EMAIL PROTECTED]>:
> > >
> > >  El jue, 27-12-2007 a las 07:20 -0800, Raquel escribi=3DC3=3DB3:
> > > > On Thu, 27 Dec 2007 17:15:54 +0530
> > > > "Amogh Hooshdar" <[EMAIL PROTECTED]> wrote:
> > > > > 
> > > > > Is there anything I can do to suppress this warning like making the
> > > > > system believe that I trust ftp.us.debian.org or whatever mirror I
> > > > > am using.
> > > > 
> > > > Install debian-archive-keyring
> > >  
> > >  I always wonder how does that happen (which is very often). How can
> > >  anybody miss that package if apt depends on it??
> > 
> > (0) heretic /home/keeling_ aptitude show debian-archive-keyring
> > Package: debian-archive-keyring
> > State: installed
> > Automatically installed: no # <--
> > Version: 2007.07.31~etch1
> > Priority: important # <-- but not that important?
> > Section: misc
> > Maintainer: Michael Vogt <[EMAIL PROTECTED]>
> > Uncompressed Size: 57.3k
> > Depends: gnupg (>=3D 1.0.6-4) # <-- hmm ...
> > 
> > (0) heretic /home/keeling_ aptitude show gnupg
> > Package: gnupg
> > State: installed
> > Automatically installed: no # <--
> > Version: 1.4.6-2
> > Priority: important # <-- again.
> 
>  I think Gabriel meant this:
> 
>  $ apt-cache rdepends debian-archive-keyring
>  debian-archive-keyring
>  Reverse Depends:
>education-common
>cdebootstrap-static
>cdebootstrap
>apt
>  ^^^

I agree, it's very confusing.  apt was not auto-installed here, and
once it was dragged in, I still had to get debian-archive-keyring
myself.

(0) heretic /home/keeling_ aptitude show apt
Package: apt
State: installed
Automatically installed: no
Version: 0.6.46.4-0.1
Priority: important
Section: admin
Maintainer: APT Development Team <[EMAIL PROTECTED]>
Uncompressed Size: 4415k
Depends: libc6 (>= 2.3.6-6), libgcc1 (>= 1:4.1.1-12), libstdc++6 (>= 4.1.1-12),
 debian-archive-keyring

Is this "new" etch dependency handling?  How's it work now?


-- 
Any technology distinguishable from magic is insufficiently advanced.
(*)http://blinkynet.net/comp/uip5.html  Linux Counter #80292
- -http://www.faqs.org/rfcs/rfc1855.htmlPlease, don't Cc: me.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Help needed in removing warning: "Untrusted packages could ..."

2007-12-28 Thread Andrei Popescu 
On Fri, Dec 28, 2007 at 01:03:20AM +0100, s. keeling wrote:
> Gabriel Parrondo <[EMAIL PROTECTED]>:
> > 
> >  El jue, 27-12-2007 a las 07:20 -0800, Raquel escribi=C3=B3:
> > > On Thu, 27 Dec 2007 17:15:54 +0530
> > > "Amogh Hooshdar" <[EMAIL PROTECTED]> wrote:
> > > > 
> > > > Is there anything I can do to suppress this warning like making the
> > > > system believe that I trust ftp.us.debian.org or whatever mirror I
> > > > am using.
> > > 
> > > Install debian-archive-keyring
> > 
> >  I always wonder how does that happen (which is very often). How can
> >  anybody miss that package if apt depends on it??
> 
> (0) heretic /home/keeling_ aptitude show debian-archive-keyring
> Package: debian-archive-keyring
> State: installed
> Automatically installed: no # <--
> Version: 2007.07.31~etch1
> Priority: important # <-- but not that important?
> Section: misc
> Maintainer: Michael Vogt <[EMAIL PROTECTED]>
> Uncompressed Size: 57.3k
> Depends: gnupg (>= 1.0.6-4) # <-- hmm ...
> 
> (0) heretic /home/keeling_ aptitude show gnupg
> Package: gnupg
> State: installed
> Automatically installed: no # <--
> Version: 1.4.6-2
> Priority: important # <-- again.

I think Gabriel meant this:

$ apt-cache rdepends debian-archive-keyring
debian-archive-keyring
Reverse Depends:
  education-common
  cdebootstrap-static
  cdebootstrap
  apt
^^^

Regards,
Andrei
-- 
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)


signature.asc
Description: Digital signature

Re: Help needed in removing warning: "Untrusted packages could ..."

2007-12-27 Thread s. keeling 
Gabriel Parrondo <[EMAIL PROTECTED]>:
> 
>  El jue, 27-12-2007 a las 07:20 -0800, Raquel escribi=C3=B3:
> > On Thu, 27 Dec 2007 17:15:54 +0530
> > "Amogh Hooshdar" <[EMAIL PROTECTED]> wrote:
> > > 
> > > Is there anything I can do to suppress this warning like making the
> > > system believe that I trust ftp.us.debian.org or whatever mirror I
> > > am using.
> > 
> > Install debian-archive-keyring
> 
>  I always wonder how does that happen (which is very often). How can
>  anybody miss that package if apt depends on it??

(0) heretic /home/keeling_ aptitude show debian-archive-keyring
Package: debian-archive-keyring
State: installed
Automatically installed: no # <--
Version: 2007.07.31~etch1
Priority: important # <-- but not that important?
Section: misc
Maintainer: Michael Vogt <[EMAIL PROTECTED]>
Uncompressed Size: 57.3k
Depends: gnupg (>= 1.0.6-4) # <-- hmm ...

(0) heretic /home/keeling_ aptitude show gnupg
Package: gnupg
State: installed
Automatically installed: no # <--
Version: 1.4.6-2
Priority: important # <-- again.


-- 
Any technology distinguishable from magic is insufficiently advanced.
(*)http://blinkynet.net/comp/uip5.html  Linux Counter #80292
- -http://www.faqs.org/rfcs/rfc1855.htmlPlease, don't Cc: me.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Help needed in removing warning: "Untrusted packages could ..."

2007-12-27 Thread Gabriel Parrondo 
El jue, 27-12-2007 a las 07:20 -0800, Raquel escribió:
> On Thu, 27 Dec 2007 17:15:54 +0530
> "Amogh Hooshdar" <[EMAIL PROTECTED]> wrote:
> 
> > Is there anything I can do to suppress this warning like making the
> > system believe that I trust ftp.us.debian.org or whatever mirror I
> > am using.
> > 
> 
> Install debian-archive-keyring
> 

I always wonder how does that happen (which is very often). How can
anybody miss that package if apt depends on it??

-- 
Gabriel Parrondo
GNU/Linux User #404138
GnuPG Public Key ID: BED7BF43
JID: [EMAIL PROTECTED]

"The only difference between theory and practice is that, in theory, there's no 
difference between theory and practice."


signature.asc
Description: Esta parte del mensaje está firmada	digitalmente

Re: Help needed in removing warning: "Untrusted packages could ..."

2007-12-27 Thread Raquel 
On Thu, 27 Dec 2007 17:15:54 +0530
"Amogh Hooshdar" <[EMAIL PROTECTED]> wrote:

> Is there anything I can do to suppress this warning like making the
> system believe that I trust ftp.us.debian.org or whatever mirror I
> am using.
> 

Install debian-archive-keyring

-- 
Raquel

I swear never to be silent whenever and wherever human lives endure
suffering and humiliation.  We must always take sides.  Neutrality
helps the oppressor, never the victim.  Silence encourages the
tormentor, never the tormented.  Sometimes we must interfere when
human lives are endangered.  When human dignity is in jeopardy, that
place, at that moment, must become the center of the universe. --Elie
Wiesel, Holocaust Survivor


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Help needed in removing warning: "Untrusted packages could ..."

2007-12-27 Thread Amogh Hooshdar 
Whenever I try to install something using aptitude install, I get this warning:-

---
WARNING: untrusted versions of the following packages will be installed!

Untrusted packages could compromise your system's security.
You should only proceed with the installation if you are certain that
this is what you want to do.

  locate

Do you want to ignore this warning and proceed anyway?
---

Is there anything I can do to suppress this warning like making the
system believe that I trust ftp.us.debian.org or whatever mirror I am
using.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: aptitude and "Untrusted packages could compromise your system's security."

2007-07-25 Thread George Hein 

Mathias Brodala wrote:

Hi George.




Are you talking about debian-multimedia.org? If, did you install their keyring
package?

YUP.  Thanks, I thought it might be this, but my SID environment where I 
had this included failed completely after an apt or synaptic upgrade 
twice (in between did a restore), so I simply reverted to TEST.  This is 
the first time SID failed in a year, will return soon but keep TEST as well.


I found google searches can often be very helpful, but got too much 
useless info following your suggestion this time.


I keep two Debians (sometimes also Suse etc. as well) on my laptop, all 
sharing common DATA partition in addition of full backups on a BKUP 
mini-boot-RIP partition).  As a retired programmer I learned: trust 
no-one, especially oneself.



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: aptitude and "Untrusted packages could compromise your system's security."

2007-07-24 Thread Mathias Brodala 
Hi George.

George Hein, 24.07.2007 14:42:
>> How about doing the obvious and searching for that warning? You’ll
>> learn about
>> Secure Apt and PGP keys.
>>
> I did this and am did not find the correct answer.
> 
> Long ago I installed debian-archive-keyring via synaptic, this solved
> all problems then, but lately I added another archive to pick up come
> codecs stuff and started getting those error messages again.

Are you talking about debian-multimedia.org? If, did you install their keyring
package?

> I no
> longer suscribe to those so I have no problems now - and your answer
> would not help.

Depends. If you have never heard of SecureApt and PGP, it’ll give you some hints
where to start.

> Would it not be better to tell what needs to be installed if you know
> it?

I would have done so if I had known what package could solve this.


Regards, Mathias

-- 
debian/rules



signature.asc
Description: OpenPGP digital signature

Re: aptitude and "Untrusted packages could compromise your system's security."

2007-07-24 Thread Florian Kulzer 
On Tue, Jul 24, 2007 at 14:31:37 +0200, Arnau wrote:
> Hi Mathias,
>
>> Arnau, 24.07.2007 11:54:
>>>   I've installed a new server and everytime I want to install a new
>>> package the following message appears:
>>>
>>> […]
>>> How can I remove the "WARNING: untrusted versions of the following
>>> packages will be installed!..."?
>> How about doing the obvious and searching for that warning? You’ll learn 
>> about
>> Secure Apt and PGP keys.
>
>   Before sending my message to the list, I already searched in google and 
> read all the http://wiki.debian.org/SecureApt info. Also I checked that I 
> had installed the debian-keyring and debian-archive-keyring. I haven't 
> found anything that explains the message I get. I have the keys installed, 
> but I don't know what is wrong and that's why I ask help to the list.
>
> MSLWB001:~# apt-key list

[ snip: the three currently used official keys are installed ]

I think your symptoms indicate a problem with the mirror that you are
using. Most of the time these problems are temporary and are solved
after another apt-get update (maybe after waiting a bit). If you are in
a hurry then you can simply switch to another mirror.

-- 
Regards,| http://users.icfo.es/Florian.Kulzer
  Florian   |

Re: aptitude and "Untrusted packages could compromise your system's security."

2007-07-24 Thread George Hein 



How about doing the obvious and searching for that warning? You’ll learn about
Secure Apt and PGP keys.


I did this and am did not find the correct answer.

Long ago I installed debian-archive-keyring via synaptic, this solved 
all problems then, but lately I added another archive to pick up come 
codecs stuff and started getting those error messages again.  I no 
longer suscribe to those so I have no problems now - and your answer 
would not help.


Would it not be better to tell what needs to be installed if you know 
it?  Pointing to where the person could find more info is also extremely 
helpful but may add to confusion.

Re: aptitude and "Untrusted packages could compromise your system's security."

2007-07-24 Thread Mathias Brodala 
Hi Arnau.

Arnau, 24.07.2007 14:31:
>> Arnau, 24.07.2007 11:54:
>>>   I've installed a new server and everytime I want to install a new
>>> package the following message appears:
>>>
>>> […]
>>> How can I remove the "WARNING: untrusted versions of the following
>>> packages will be installed!..."?
>>
>> How about doing the obvious and searching for that warning? You’ll
>> learn about
>> Secure Apt and PGP keys.
> 
>   Before sending my message to the list, I already searched in google
> and read all the http://wiki.debian.org/SecureApt info. Also I checked
> that I had installed the debian-keyring and debian-archive-keyring. I
> haven't found anything that explains the message I get. I have the keys
> installed, but I don't know what is wrong and that's why I ask help to
> the list.

Are you sure that the packages in question are from the official repository?
These are signed and should work without problems. (Also do an "apt-get update"
just in case.)


Regards, Mathias

-- 
debian/rules



signature.asc
Description: OpenPGP digital signature

Re: aptitude and "Untrusted packages could compromise your system's security."

2007-07-24 Thread Arnau 

Hi Mathias,


Arnau, 24.07.2007 11:54:

  I've installed a new server and everytime I want to install a new
package the following message appears:

[…]
How can I remove the "WARNING: untrusted versions of the following
packages will be installed!..."?


How about doing the obvious and searching for that warning? You’ll learn about
Secure Apt and PGP keys.


  Before sending my message to the list, I already searched in google 
and read all the http://wiki.debian.org/SecureApt info. Also I checked 
that I had installed the debian-keyring and debian-archive-keyring. I 
haven't found anything that explains the message I get. I have the keys 
installed, but I don't know what is wrong and that's why I ask help to 
the list.


MSLWB001:~# apt-key list
/etc/apt/trusted.gpg

pub   1024D/2D230C5F 2006-01-03 [expired: 2007-02-07]
uid  Debian Archive Automatic Signing Key (2006) 
<[EMAIL PROTECTED]>


pub   1024D/6070D3A1 2006-11-20 [expires: 2009-07-01]
uid  Debian Archive Automatic Signing Key (4.0/etch) 
<[EMAIL PROTECTED]>


pub   1024D/ADB11277 2006-09-17
uid  Etch Stable Release Key 
<[EMAIL PROTECTED]>





--
Arnau


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: aptitude and "Untrusted packages could compromise your system's security."

2007-07-24 Thread Mathias Brodala 
Hi Arnau.

Arnau, 24.07.2007 11:54:
>   I've installed a new server and everytime I want to install a new
> package the following message appears:
> 
> […]
> How can I remove the "WARNING: untrusted versions of the following
> packages will be installed!..."?

How about doing the obvious and searching for that warning? You’ll learn about
Secure Apt and PGP keys.


Regards, Mathias

-- 
debian/rules



signature.asc
Description: OpenPGP digital signature

aptitude and "Untrusted packages could compromise your system's security."

2007-07-24 Thread Arnau 

Hi all,

  I've installed a new server and everytime I want to install a new 
package the following message appears:


WARNING: untrusted versions of the following packages will be installed!

Untrusted packages could compromise your system's security.
You should only proceed with the installation if you are certain that
this is what you want to do.


In other servers I have appeared something like "The following 
signatures couldn't be verified because the public key is not available: 
NO_PUBKEY 8899AABBCCDDEEFF" and I know how to fix it.


How can I remove the "WARNING: untrusted versions of the following 
packages will be installed!..."?



Thanks
--
Arnau


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

aptitude: untrusted packages

2005-11-05 Thread Felix C. Stegerman 
Hi,

Aptitude gave me a rather unexpected message today.

$ aptitude -s upgrade
<...>
WARNING: untrusted versions of the following packages will be installed!
Untrusted packages could compromise your system's security.
You should only proceed with the installation if you are certain that
this is what you want to do.
  yaird
Do you want to ignore this warning and proceed anyway?
To continue, enter "Yes"; to abort, enter "No":

$ apt-cache policy yaird
yaird:
  Installed: 0.0.11-10
  Candidate: 0.0.11-11
  Version table:
 0.0.11-11 0
900 http://ftp.nl.debian.org sid/main Packages
700 http://debian.jones.dk sid/misc Packages
 *** 0.0.11-10 0
890 http://ftp.nl.debian.org etch/main Packages
100 /var/lib/dpkg/status

I know that the message is a result of not having the gpg key for
debian.jones.dk in my keyring, but I'm not trying to install the
version from debian.jones.dk.

I don't have the key in my keyring because I don't trust the packages
there. I want to be notified when trying to install one of them.

When I answer yes to the question above, aptitude will get the
(trusted) package from ftp.nl.debian.org. So why does it warn me about
untrusted packages? I want to be able to install yaird (from the
normal repositories) without this warning. Only when a package will
actually be retreived from an untrusted source should aptitude warn
me.

Does anyone know what to do about this, or should I consider this a
bug and file a report?


Felix

-- 
Felix C. Stegerman <[EMAIL PROTECTED]>

"Any sufficiently advanced bug is indistinguishable from a feature."
 -- R. Kulawiec


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]