On Mon, Apr 02, 2012 at 11:45:12AM +0100, Klaus Ethgen wrote: > Am Mo den 2. Apr 2012 um 10:58 schrieb Alessandro Ghedini: > > tags 666885 moreinfo > > kthxbye > > > > On Mon, Apr 02, 2012 at 08:04:06AM +0100, Klaus Ethgen wrote: > > > Package: libcurl3-gnutls > > > Version: 7.21.0-2.1+squeeze2 > > > Severity: serious > > > Tags: squeeze > > > > > > The curent security update has a nontrusted signature. So there is no > > > evidence that this package is safe. > > > > What do you mean with "untrusted signature"? Did you refer to the key that > > was > > used to upload the package? > > Seems to be... > > ~> apt-get dist-upgrade > Reading package lists... Done > Building dependency tree > Reading state information... Done > Calculating upgrade... Done > The following packages will be upgraded: > curl (7.21.0-2.1+squeeze1 => 7.21.0-2.1+squeeze2) > libcurl3 (7.21.0-2.1+squeeze1 => 7.21.0-2.1+squeeze2) > libcurl3-gnutls (7.21.0-2.1+squeeze1 => 7.21.0-2.1+squeeze2) > 3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. > Need to get 780 kB of archives. > After this operation, 12.3 kB disk space will be freed. > Do you want to continue [Y/n]? > WARNING: The following packages cannot be authenticated! > libcurl3 curl libcurl3-gnutls > Install these packages without verification [y/N]?
I cannot reproduce this. On a just-updated squeeze clean chroot (6.0.4): root@PC-Ale:/# apt-get install libcurl3-gnutls Reading package lists... Done Building dependency tree Reading state information... Done The following NEW packages will be installed: libcurl3-gnutls 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 266 kB of archives. After this operation, 532 kB of additional disk space will be used. Get:1 http://security.debian.org/ squeeze/updates/main libcurl3-gnutls amd64 7.21.0-2.1+squeeze2 [266 kB] Fetched 266 kB in 0s (552 kB/s) debconf: delaying package configuration, since apt-utils is not installed Selecting previously deselected package libcurl3-gnutls. (Reading database ... 12952 files and directories currently installed.) Unpacking libcurl3-gnutls (from .../libcurl3-gnutls_7.21.0-2.1+squeeze2_amd64.deb) ... Setting up libcurl3-gnutls (7.21.0-2.1+squeeze2) ... Same for curl and libcurl3. Does this happen only with curl packages? When was the last time you did an apt upgrade (except this one, of course)? Cheers -- perl -E'$_=q;$/= @{[@_]};and s;\S+;<inidehG ordnasselA>;eg;say~~reverse'
signature.asc
Description: Digital signature