Re: Untrusted packages
On Sun, May 10, 2009 at 01:24:32AM -0500, M. Lewis wrote: I'm running Sid. I'm trying to install sun-java6-plugin, but aptitude is giving me 'untrusted package' warnings: moe:~# aptitude install sun-java6-plugin Reading package lists... Done Building dependency tree Reading state information... Done Reading extended state information Initializing package states... Done Reading task descriptions... Done The following NEW packages will be installed: odbcinst1debian1{a} sun-java6-bin{a} sun-java6-jre{a} sun-java6-plugin unixodbc{a} 0 packages upgraded, 5 newly installed, 0 to remove and 7 not upgraded. Need to get 33.5MB of archives. After unpacking 96.2MB will be used. Do you want to continue? [Y/n/?] WARNING: untrusted versions of the following packages will be installed! apt-cache policy sun-java6-plugin will tell you which repository it wants to install from. -- Chris. == I contend that we are both atheists. I just believe in one fewer god than you do. When you understand why you dismiss all the other possible gods, you will understand why I dismiss yours. -- Stephen F Roberts -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Untrusted packages
I'm running Sid. I'm trying to install sun-java6-plugin, but aptitude is giving me 'untrusted package' warnings: moe:~# aptitude install sun-java6-plugin Reading package lists... Done Building dependency tree Reading state information... Done Reading extended state information Initializing package states... Done Reading task descriptions... Done The following NEW packages will be installed: odbcinst1debian1{a} sun-java6-bin{a} sun-java6-jre{a} sun-java6-plugin unixodbc{a} 0 packages upgraded, 5 newly installed, 0 to remove and 7 not upgraded. Need to get 33.5MB of archives. After unpacking 96.2MB will be used. Do you want to continue? [Y/n/?] WARNING: untrusted versions of the following packages will be installed! Untrusted packages could compromise your system's security. You should only proceed with the installation if you are certain that this is what you want to do. odbcinst1debian1 sun-java6-bin unixodbc sun-java6-jre sun-java6-plugin Do you want to ignore this warning and proceed anyway? To continue, enter Yes; to abort, enter No: n Unrecognized input. Enter either Yes or No. Do you want to ignore this warning and proceed anyway? To continue, enter Yes; to abort, enter No: no Abort. A search of the archives recommends that I have the debian-archive-keyring installed. Which I do have installed: moe:~# dpkg -l | grep keyring ii debian-archive-keyring 2009.01.31 GnuPG archive keys of the Debian archive ii debian-keyring 2009.04.04 GnuPG (and obsolete PGP) keys of Debian Deve ii gnome-keyring2.26.0-4 GNOME keyring services (daemon and tools) ii libgnome-keyring02.26.0-4 GNOME keyring services library ii libpam-gnome-keyring 2.26.0-4 PAM module to unlock the GNOME keyring upon ii python-gnomekeyring 2.24.1-1+b3 Python bindings for the GNOME keyring librar So I'm not sure why I'm getting these warnings. What do I need to do to correct these warnings? Thanks, Mike -- UNIX is many things to many people, but it has never been everything to anybody. 01:15:01 up 5 days, 3:44, 2 users, load average: 0.98, 0.90, 0.89 Linux Registered User #241685 http://counter.li.org -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Untrusted packages
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05/10/09 07:24, M. Lewis wrote: I'm running Sid. I'm trying to install sun-java6-plugin, but aptitude is giving me 'untrusted package' warnings: moe:~# aptitude install sun-java6-plugin Reading package lists... Done Building dependency tree Reading state information... Done Reading extended state information Initializing package states... Done Reading task descriptions... Done The following NEW packages will be installed: odbcinst1debian1{a} sun-java6-bin{a} sun-java6-jre{a} sun-java6-plugin unixodbc{a} 0 packages upgraded, 5 newly installed, 0 to remove and 7 not upgraded. Need to get 33.5MB of archives. After unpacking 96.2MB will be used. Do you want to continue? [Y/n/?] WARNING: untrusted versions of the following packages will be installed! Untrusted packages could compromise your system's security. You should only proceed with the installation if you are certain that this is what you want to do. odbcinst1debian1 sun-java6-bin unixodbc sun-java6-jre sun-java6-plugin Do you want to ignore this warning and proceed anyway? To continue, enter Yes; to abort, enter No: n Unrecognized input. Enter either Yes or No. Do you want to ignore this warning and proceed anyway? To continue, enter Yes; to abort, enter No: no Abort. A search of the archives recommends that I have the debian-archive-keyring installed. Which I do have installed: moe:~# dpkg -l | grep keyring ii debian-archive-keyring 2009.01.31 GnuPG archive keys of the Debian archive ii debian-keyring 2009.04.04 GnuPG (and obsolete PGP) keys of Debian Deve ii gnome-keyring2.26.0-4 GNOME keyring services (daemon and tools) ii libgnome-keyring02.26.0-4 GNOME keyring services library ii libpam-gnome-keyring 2.26.0-4 PAM module to unlock the GNOME keyring upon ii python-gnomekeyring 2.24.1-1+b3 Python bindings for the GNOME keyring librar So I'm not sure why I'm getting these warnings. What do I need to do to correct these warnings? Thanks, Mike What repository are you installing these packages from? Cat your sources.list for us, and copy it into Pastebin. (cat /etc/sources.list) Thanks. - -- Many thanks Harry Rickards - -BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/GCM/GCS/GCC/GIT/GM d? s: a? C UL P- L+++ E--- W+++ N o K+ w--- O- M- V- PS+ PE Y+ PGP++ t 5 X R tv-- b+++ DI D G e* h! !r y? - --END GEEK CODE BLOCK-- -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkoGlxYACgkQ1kZz3mRu0GoLegCeKwwJ8AfP/5yq/36ZGv90zqiQ TF8An1Dw7rwzHCx59u7aWqAzhJVo29bf =DJZK -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Untrusted packages
Harry Rickards wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05/10/09 07:24, M. Lewis wrote: I'm running Sid. I'm trying to install sun-java6-plugin, but aptitude is giving me 'untrusted package' warnings: [..snip..] Thanks, Mike What repository are you installing these packages from? Cat your sources.list for us, and copy it into Pastebin. (cat /etc/sources.list) Thanks. - -- Many thanks Harry Rickards Pastebin thinks it's spam for some reason. I'm running approx on another server. The approx config is: rattler:~# cat /etc/approx/approx.conf # Here are some examples of remote repository mappings. # See http://www.debian.org/mirror/list for mirror sites. # #debian http://ftp.debian.org/debian #security http://security.debian.org/debian-security #volatile http://volatile.debian.org/debian-volatile # # These are the settings for use with approx # #debian http://gulus.usherbrooke.ca/debian/ #debian http://mirrors.xmission.com/debian debian http://mirrors.acm.jhu.edu/debian/ securityhttp://security.debian.org/debian-security deb-src http://security.debian.org/debian volatilehttp://volatile.debian.org/debian-volatile #debian ftp://ftp.debian.org/debian experimental main contrib non-free #deb-srcftp://ftp.debian.org/debian experimental main contrib non-free virtualbox http://download.virtualbox.org/virtualbox/debian -- REALITY.DAT not found. Atempting to restore Universe.. 04:25:01 up 5 days, 6:54, 2 users, load average: 0.75, 0.99, 0.86 Linux Registered User #241685 http://counter.li.org -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Untrusted packages
On Sun, May 10, 2009 at 01:24:32AM -0500, M. Lewis wrote: I'm running Sid. I'm trying to install sun-java6-plugin, but aptitude is giving me 'untrusted package' warnings: moe:~# aptitude install sun-java6-plugin Reading package lists... Done Building dependency tree Reading state information... Done Reading extended state information Initializing package states... Done Reading task descriptions... Done The following NEW packages will be installed: odbcinst1debian1{a} sun-java6-bin{a} sun-java6-jre{a} sun-java6-plugin What version of Debian is it? Any reason for not using openjdk packages from the main repository? -- Tzafrir Cohen | tzaf...@jabber.org | VIM is http://tzafrir.org.il || a Mutt's tzaf...@cohens.org.il || best ICQ# 16849754 || friend -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Untrusted packages
M. Lewis: WARNING: untrusted versions of the following packages will be installed! This can always happen if your (aptitude|apt-get) update happens in the middle of your mirror being updated from the main repository. Maybe you just need to update again. J. -- I'm being paid to act weirdly. [Agree] [Disagree] http://www.slowlydownward.com/NODATA/data_enter2.html signature.asc Description: Digital signature
Re: Untrusted packages
Jochen Schulz wrote: M. Lewis: WARNING: untrusted versions of the following packages will be installed! This can always happen if your (aptitude|apt-get) update happens in the middle of your mirror being updated from the main repository. Maybe you just need to update again. J. Good to know Jochen! Thanks, apparently that was it. Today the install went fine, no warnings. Thanks, Mike -- RAM DISK is not an installation procedure! 20:20:01 up 5 days, 22:49, 2 users, load average: 0.33, 0.52, 0.55 Linux Registered User #241685 http://counter.li.org -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Help needed in removing warning: Untrusted packages could ...
On Fri, Dec 28, 2007 at 01:03:20AM +0100, s. keeling wrote: Gabriel Parrondo [EMAIL PROTECTED]: El jue, 27-12-2007 a las 07:20 -0800, Raquel escribi=C3=B3: On Thu, 27 Dec 2007 17:15:54 +0530 Amogh Hooshdar [EMAIL PROTECTED] wrote: Is there anything I can do to suppress this warning like making the system believe that I trust ftp.us.debian.org or whatever mirror I am using. Install debian-archive-keyring I always wonder how does that happen (which is very often). How can anybody miss that package if apt depends on it?? (0) heretic /home/keeling_ aptitude show debian-archive-keyring Package: debian-archive-keyring State: installed Automatically installed: no # -- Version: 2007.07.31~etch1 Priority: important # -- but not that important? Section: misc Maintainer: Michael Vogt [EMAIL PROTECTED] Uncompressed Size: 57.3k Depends: gnupg (= 1.0.6-4) # -- hmm ... (0) heretic /home/keeling_ aptitude show gnupg Package: gnupg State: installed Automatically installed: no # -- Version: 1.4.6-2 Priority: important # -- again. I think Gabriel meant this: $ apt-cache rdepends debian-archive-keyring debian-archive-keyring Reverse Depends: education-common cdebootstrap-static cdebootstrap apt ^^^ Regards, Andrei -- If you can't explain it simply, you don't understand it well enough. (Albert Einstein) signature.asc Description: Digital signature
Re: Help needed in removing warning: Untrusted packages could ...
Andrei Popescu [EMAIL PROTECTED]: On Fri, Dec 28, 2007 at 01:03:20AM +0100, s. keeling wrote: Gabriel Parrondo [EMAIL PROTECTED]: El jue, 27-12-2007 a las 07:20 -0800, Raquel escribi=3DC3=3DB3: On Thu, 27 Dec 2007 17:15:54 +0530 Amogh Hooshdar [EMAIL PROTECTED] wrote: Is there anything I can do to suppress this warning like making the system believe that I trust ftp.us.debian.org or whatever mirror I am using. Install debian-archive-keyring I always wonder how does that happen (which is very often). How can anybody miss that package if apt depends on it?? (0) heretic /home/keeling_ aptitude show debian-archive-keyring Package: debian-archive-keyring State: installed Automatically installed: no # -- Version: 2007.07.31~etch1 Priority: important # -- but not that important? Section: misc Maintainer: Michael Vogt [EMAIL PROTECTED] Uncompressed Size: 57.3k Depends: gnupg (=3D 1.0.6-4) # -- hmm ... (0) heretic /home/keeling_ aptitude show gnupg Package: gnupg State: installed Automatically installed: no # -- Version: 1.4.6-2 Priority: important # -- again. I think Gabriel meant this: $ apt-cache rdepends debian-archive-keyring debian-archive-keyring Reverse Depends: education-common cdebootstrap-static cdebootstrap apt ^^^ I agree, it's very confusing. apt was not auto-installed here, and once it was dragged in, I still had to get debian-archive-keyring myself. (0) heretic /home/keeling_ aptitude show apt Package: apt State: installed Automatically installed: no Version: 0.6.46.4-0.1 Priority: important Section: admin Maintainer: APT Development Team [EMAIL PROTECTED] Uncompressed Size: 4415k Depends: libc6 (= 2.3.6-6), libgcc1 (= 1:4.1.1-12), libstdc++6 (= 4.1.1-12), debian-archive-keyring Is this new etch dependency handling? How's it work now? -- Any technology distinguishable from magic is insufficiently advanced. (*)http://blinkynet.net/comp/uip5.html Linux Counter #80292 - -http://www.faqs.org/rfcs/rfc1855.htmlPlease, don't Cc: me. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Help needed in removing warning: Untrusted packages could ...
Whenever I try to install something using aptitude install, I get this warning:- --- WARNING: untrusted versions of the following packages will be installed! Untrusted packages could compromise your system's security. You should only proceed with the installation if you are certain that this is what you want to do. locate Do you want to ignore this warning and proceed anyway? --- Is there anything I can do to suppress this warning like making the system believe that I trust ftp.us.debian.org or whatever mirror I am using. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Help needed in removing warning: Untrusted packages could ...
On Thu, 27 Dec 2007 17:15:54 +0530 Amogh Hooshdar [EMAIL PROTECTED] wrote: Is there anything I can do to suppress this warning like making the system believe that I trust ftp.us.debian.org or whatever mirror I am using. Install debian-archive-keyring -- Raquel I swear never to be silent whenever and wherever human lives endure suffering and humiliation. We must always take sides. Neutrality helps the oppressor, never the victim. Silence encourages the tormentor, never the tormented. Sometimes we must interfere when human lives are endangered. When human dignity is in jeopardy, that place, at that moment, must become the center of the universe. --Elie Wiesel, Holocaust Survivor -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Help needed in removing warning: Untrusted packages could ...
El jue, 27-12-2007 a las 07:20 -0800, Raquel escribió: On Thu, 27 Dec 2007 17:15:54 +0530 Amogh Hooshdar [EMAIL PROTECTED] wrote: Is there anything I can do to suppress this warning like making the system believe that I trust ftp.us.debian.org or whatever mirror I am using. Install debian-archive-keyring I always wonder how does that happen (which is very often). How can anybody miss that package if apt depends on it?? -- Gabriel Parrondo GNU/Linux User #404138 GnuPG Public Key ID: BED7BF43 JID: [EMAIL PROTECTED] The only difference between theory and practice is that, in theory, there's no difference between theory and practice. signature.asc Description: Esta parte del mensaje está firmada digitalmente
Re: Help needed in removing warning: Untrusted packages could ...
Gabriel Parrondo [EMAIL PROTECTED]: El jue, 27-12-2007 a las 07:20 -0800, Raquel escribi=C3=B3: On Thu, 27 Dec 2007 17:15:54 +0530 Amogh Hooshdar [EMAIL PROTECTED] wrote: Is there anything I can do to suppress this warning like making the system believe that I trust ftp.us.debian.org or whatever mirror I am using. Install debian-archive-keyring I always wonder how does that happen (which is very often). How can anybody miss that package if apt depends on it?? (0) heretic /home/keeling_ aptitude show debian-archive-keyring Package: debian-archive-keyring State: installed Automatically installed: no # -- Version: 2007.07.31~etch1 Priority: important # -- but not that important? Section: misc Maintainer: Michael Vogt [EMAIL PROTECTED] Uncompressed Size: 57.3k Depends: gnupg (= 1.0.6-4) # -- hmm ... (0) heretic /home/keeling_ aptitude show gnupg Package: gnupg State: installed Automatically installed: no # -- Version: 1.4.6-2 Priority: important # -- again. -- Any technology distinguishable from magic is insufficiently advanced. (*)http://blinkynet.net/comp/uip5.html Linux Counter #80292 - -http://www.faqs.org/rfcs/rfc1855.htmlPlease, don't Cc: me. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: aptitude and Untrusted packages could compromise your system's security.
Mathias Brodala wrote: Hi George. Are you talking about debian-multimedia.org? If, did you install their keyring package? YUP. Thanks, I thought it might be this, but my SID environment where I had this included failed completely after an apt or synaptic upgrade twice (in between did a restore), so I simply reverted to TEST. This is the first time SID failed in a year, will return soon but keep TEST as well. I found google searches can often be very helpful, but got too much useless info following your suggestion this time. I keep two Debians (sometimes also Suse etc. as well) on my laptop, all sharing common DATA partition in addition of full backups on a BKUP mini-boot-RIP partition). As a retired programmer I learned: trust no-one, especially oneself. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
aptitude y Untrusted packages could compromise your system's security.
Hola a todos, He instalado un servidor nuevo y cada vez que quiero instalar un paquete nuevo me sale el siguiente mensaje. WARNING: untrusted versions of the following packages will be installed! Untrusted packages could compromise your system's security. You should only proceed with the installation if you are certain that this is what you want to do. Ya he comprobado que tenga los paquetes debian-keyring i debian-archive-keyring instalados. Además al hacer un apt-key list parece que las claves están instaladas MSLWB001:~# apt-key list /etc/apt/trusted.gpg pub 1024D/2D230C5F 2006-01-03 [expired: 2007-02-07] uid Debian Archive Automatic Signing Key (2006) [EMAIL PROTECTED] pub 1024D/6070D3A1 2006-11-20 [expires: 2009-07-01] uid Debian Archive Automatic Signing Key (4.0/etch) [EMAIL PROTECTED] pub 1024D/ADB11277 2006-09-17 uid Etch Stable Release Key [EMAIL PROTECTED] ¿Tenéis idea de que està pasando? gracias -- Arnau -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: aptitude y Untrusted packages could compromise your system's security.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 El 24/07/07 14:36, Arnau escribió: (...) WARNING: untrusted versions of the following packages will be installed! Te falta el paquete de las Keyring's de los repositorios de Debian. Instálate el paquete debian-keyring: apt-get install debian-keyring También te vale el devscripts. Untrusted packages could compromise your system's security. You should only proceed with the installation if you are certain that this is what you want to do. Normal. Te faltan las firmas de los repositorios. Ya he comprobado que tenga los paquetes debian-keyring i debian-archive-keyring instalados. Además al hacer un apt-key list parece que las claves están instaladas MSLWB001:~# apt-key list /etc/apt/trusted.gpg pub 1024D/2D230C5F 2006-01-03 [expired: 2007-02-07] uid Debian Archive Automatic Signing Key (2006) [EMAIL PROTECTED] pub 1024D/6070D3A1 2006-11-20 [expires: 2009-07-01] uid Debian Archive Automatic Signing Key (4.0/etch) [EMAIL PROTECTED] pub 1024D/ADB11277 2006-09-17 uid Etch Stable Release Key [EMAIL PROTECTED] _Creo_ y estoy seguro, que te faltan más keyring's,...: [EMAIL PROTECTED]:/tmp/orbit-sjlopezb# apt-key list /etc/apt/trusted.gpg - pub 1024D/2D230C5F 2006-01-03 [caducó: 2007-02-07] uid Debian Archive Automatic Signing Key (2006) [EMAIL PROTECTED] pub 1024D/6070D3A1 2006-11-20 [caduca: 2009-07-01] uid Debian Archive Automatic Signing Key (4.0/etch) [EMAIL PROTECTED] pub 1024D/ADB11277 2006-09-17 uid Etch Stable Release Key [EMAIL PROTECTED] pub 1024D/1F41B907 1999-10-03 uid Christian Marillat [EMAIL PROTECTED] uid Christian Marillat [EMAIL PROTECTED] sub 1536g/C28DCC42 1999-10-03 sub 1024D/5D3877A7 2002-08-26 pub 1024D/E23C5FC3 2007-03-15 uid Arnav Ghosh (Automatix Team Lead) [EMAIL PROTECTED] sub 2048g/C2D84CF8 2007-03-15 pub 1024D/16BA136C 2005-08-21 uid Backports.org Archive Key [EMAIL PROTECTED] sub 2048g/5B82CECE 2005-08-21 pub 1024D/6A7476EA 2006-11-09 uid Nicholas Thomas (Repository signing key) [EMAIL PROTECTED] sub 4096g/5484FC01 2006-11-09 pub 1024D/7FAC5991 2007-03-08 uid Google, Inc. Linux Package Signing Key [EMAIL PROTECTED] sub 2048g/C07CB649 2007-03-08 [EMAIL PROTECTED]:/tmp/orbit-sjlopezb# Y se pueden conseguir más... ¿Tenéis idea de que està pasando? Jejeje,...ya te dí una parte. ;-) - -- Slds de Santiago José López Borrazás. Admin de hackindex.com/.es Conocimientos avanzados en seguridad informática. Conocimientos avanzados en redes. -BEGIN PGP SIGNATURE- iQIVAwUBRqX4t7uF9/q6J55WAQpbBxAAiKBPetXypYd5QLKOVU3VP9h/9h+Vt9Nz 5JmznconYAasg/HrjMFCPPoD1nQO9xWOB7phdZPmgLJQWJKMIocdzDE+k7GPdhe7 7mF/mMM40gewFcxxOyEwSYtChPTeAL6tfBhuZ5tU3IBS/WKFTlc6cet8ruk/lpnc IFjyaoo460VFm+/y94iC1TXu5pLAq6J35Nwl6Se8uY3pmv73d86TllKYZJ3urnaL 7uSUpFP6abPy89aoPWQ2QdgaqQqWtTGkDjPj7MqW6Yzs9XpvJMu+lsUn6CJlRo4g n6Y9kpzJ72QhpOMubvdBy1NGZ1eww4j2cck1C9LnEkOPxZqjgS9/WPxsZXyXotw4 zQtoAx4LHPh6O1bBivrQAXsh2rJ9irbkRLTpHelDvYYABGgzPMiC3737ANiSv53Y pKs9Zd48jjTAC0NCGB8pA19KuqfH3r9mm8Y3D7LdL20kZFb6UA5zPayG4EY2XVw1 cF0gscByyJPZ/c2DjGSbXzXjPyebOPQr33I5jiv5+tERXSDun5y44R0PyR/bxLcw rG+TWn4px2wK0UDnSiKVizs9wGe8zerRknBibqStrF0nOaxhqcDlBDOV647z7Y+d 3IcQvc8OUkOvhVFLtg7VJJGNSgxh3s1uakKVW0ST5v4c2of3m4It4ivd/WSWQhnv u8vl7jwbqdY= =Jfpp -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: aptitude y Untrusted packages could compromise your system's security.
Santiago José López Borrazás wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 El 24/07/07 14:36, Arnau escribió: (...) WARNING: untrusted versions of the following packages will be installed! Te falta el paquete de las Keyring's de los repositorios de Debian. Instálate el paquete debian-keyring: apt-get install debian-keyring Muchas gracias!! -- Arnau -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
aptitude and Untrusted packages could compromise your system's security.
Hi all, I've installed a new server and everytime I want to install a new package the following message appears: WARNING: untrusted versions of the following packages will be installed! Untrusted packages could compromise your system's security. You should only proceed with the installation if you are certain that this is what you want to do. In other servers I have appeared something like The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8899AABBCCDDEEFF and I know how to fix it. How can I remove the WARNING: untrusted versions of the following packages will be installed!...? Thanks -- Arnau -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: aptitude and Untrusted packages could compromise your system's security.
Hi Arnau. Arnau, 24.07.2007 11:54: I've installed a new server and everytime I want to install a new package the following message appears: […] How can I remove the WARNING: untrusted versions of the following packages will be installed!...? How about doing the obvious and searching for that warning? You’ll learn about Secure Apt and PGP keys. Regards, Mathias -- debian/rules signature.asc Description: OpenPGP digital signature
Re: aptitude and Untrusted packages could compromise your system's security.
Hi Mathias, Arnau, 24.07.2007 11:54: I've installed a new server and everytime I want to install a new package the following message appears: […] How can I remove the WARNING: untrusted versions of the following packages will be installed!...? How about doing the obvious and searching for that warning? You’ll learn about Secure Apt and PGP keys. Before sending my message to the list, I already searched in google and read all the http://wiki.debian.org/SecureApt info. Also I checked that I had installed the debian-keyring and debian-archive-keyring. I haven't found anything that explains the message I get. I have the keys installed, but I don't know what is wrong and that's why I ask help to the list. MSLWB001:~# apt-key list /etc/apt/trusted.gpg pub 1024D/2D230C5F 2006-01-03 [expired: 2007-02-07] uid Debian Archive Automatic Signing Key (2006) [EMAIL PROTECTED] pub 1024D/6070D3A1 2006-11-20 [expires: 2009-07-01] uid Debian Archive Automatic Signing Key (4.0/etch) [EMAIL PROTECTED] pub 1024D/ADB11277 2006-09-17 uid Etch Stable Release Key [EMAIL PROTECTED] -- Arnau -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: aptitude and Untrusted packages could compromise your system's security.
Hi Arnau. Arnau, 24.07.2007 14:31: Arnau, 24.07.2007 11:54: I've installed a new server and everytime I want to install a new package the following message appears: […] How can I remove the WARNING: untrusted versions of the following packages will be installed!...? How about doing the obvious and searching for that warning? You’ll learn about Secure Apt and PGP keys. Before sending my message to the list, I already searched in google and read all the http://wiki.debian.org/SecureApt info. Also I checked that I had installed the debian-keyring and debian-archive-keyring. I haven't found anything that explains the message I get. I have the keys installed, but I don't know what is wrong and that's why I ask help to the list. Are you sure that the packages in question are from the official repository? These are signed and should work without problems. (Also do an apt-get update just in case.) Regards, Mathias -- debian/rules signature.asc Description: OpenPGP digital signature
Re: aptitude and Untrusted packages could compromise your system's security.
How about doing the obvious and searching for that warning? You’ll learn about Secure Apt and PGP keys. I did this and am did not find the correct answer. Long ago I installed debian-archive-keyring via synaptic, this solved all problems then, but lately I added another archive to pick up come codecs stuff and started getting those error messages again. I no longer suscribe to those so I have no problems now - and your answer would not help. Would it not be better to tell what needs to be installed if you know it? Pointing to where the person could find more info is also extremely helpful but may add to confusion.
Re: aptitude and Untrusted packages could compromise your system's security.
On Tue, Jul 24, 2007 at 14:31:37 +0200, Arnau wrote: Hi Mathias, Arnau, 24.07.2007 11:54: I've installed a new server and everytime I want to install a new package the following message appears: […] How can I remove the WARNING: untrusted versions of the following packages will be installed!...? How about doing the obvious and searching for that warning? You’ll learn about Secure Apt and PGP keys. Before sending my message to the list, I already searched in google and read all the http://wiki.debian.org/SecureApt info. Also I checked that I had installed the debian-keyring and debian-archive-keyring. I haven't found anything that explains the message I get. I have the keys installed, but I don't know what is wrong and that's why I ask help to the list. MSLWB001:~# apt-key list [ snip: the three currently used official keys are installed ] I think your symptoms indicate a problem with the mirror that you are using. Most of the time these problems are temporary and are solved after another apt-get update (maybe after waiting a bit). If you are in a hurry then you can simply switch to another mirror. -- Regards,| http://users.icfo.es/Florian.Kulzer Florian |
Re: aptitude and Untrusted packages could compromise your system's security.
Hi George. George Hein, 24.07.2007 14:42: How about doing the obvious and searching for that warning? You’ll learn about Secure Apt and PGP keys. I did this and am did not find the correct answer. Long ago I installed debian-archive-keyring via synaptic, this solved all problems then, but lately I added another archive to pick up come codecs stuff and started getting those error messages again. Are you talking about debian-multimedia.org? If, did you install their keyring package? I no longer suscribe to those so I have no problems now - and your answer would not help. Depends. If you have never heard of SecureApt and PGP, it’ll give you some hints where to start. Would it not be better to tell what needs to be installed if you know it? I would have done so if I had known what package could solve this. Regards, Mathias -- debian/rules signature.asc Description: OpenPGP digital signature
aptitude: untrusted packages
Hi, Aptitude gave me a rather unexpected message today. $ aptitude -s upgrade ... WARNING: untrusted versions of the following packages will be installed! Untrusted packages could compromise your system's security. You should only proceed with the installation if you are certain that this is what you want to do. yaird Do you want to ignore this warning and proceed anyway? To continue, enter Yes; to abort, enter No: $ apt-cache policy yaird yaird: Installed: 0.0.11-10 Candidate: 0.0.11-11 Version table: 0.0.11-11 0 900 http://ftp.nl.debian.org sid/main Packages 700 http://debian.jones.dk sid/misc Packages *** 0.0.11-10 0 890 http://ftp.nl.debian.org etch/main Packages 100 /var/lib/dpkg/status I know that the message is a result of not having the gpg key for debian.jones.dk in my keyring, but I'm not trying to install the version from debian.jones.dk. I don't have the key in my keyring because I don't trust the packages there. I want to be notified when trying to install one of them. When I answer yes to the question above, aptitude will get the (trusted) package from ftp.nl.debian.org. So why does it warn me about untrusted packages? I want to be able to install yaird (from the normal repositories) without this warning. Only when a package will actually be retreived from an untrusted source should aptitude warn me. Does anyone know what to do about this, or should I consider this a bug and file a report? Felix -- Felix C. Stegerman [EMAIL PROTECTED] Any sufficiently advanced bug is indistinguishable from a feature. -- R. Kulawiec -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]