On Sun, Feb 07, 2010 at 12:47:10AM +0800, jida...@jidanni.org wrote: > I can't take it any more, day after day various incomplete apt-get > updates, e.g., bug 564829 and Bug#553533: Seeing BADSIG 9AA38DCD55BE302B > frequently. What apt-get -o option can I use to turn off all this > security or whatever checking? It's just too much hassle.
I guess you can read yourself the apt-get manpage or search it on the web: http://lmgtfy.com/?q=disable+gpg+check+apt. Anyway, turning this off wouldn't help in your case. Indeed such a signature allows to check the authentication and integrity of the file. Here, as we know the file is indeed signed by the ftp-master key, the issue is in the file integrity. Sometimes the integrity issues is on the Release file and hence detected by GPG, sometimes at a later step this is detected by the MD5 sum. So, I still suspect a transparrent proxy on your path to ftp.tw, that serves outdated data. (no a traceroute cannot tell you whether there is a transparent proxy) See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564829#40 where I requested your IP when issues happens. When you get an error about a specific file, download it yourself and perform a md5sum on it, provide the result (and date). wget [--no-cache] http://ftp.tw.debian.org/debian/dists/experimental/main/binary-i386/Packages.bz2 --no-cache tells any intermediate transparent proxy to disable caching. -- Simon Paillard -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
