> From: Hedges, Mark > Sent: Monday, August 28, 2006 11:19 AM > To: [email protected] > Subject: apt-check-sigs and apt-get sig errors > > > Is apt-check-sigs supposed to work with etch these days? > Does this mean nothing works right, or am I compromised? > > I get sporadic complaints from `apt-get update` as well > saying that the packages are not signed with the right key.
Like this. What does this mean? I get a lot of bad sig messages too, with key sigs that don't seem to be on any keyring. I get these at work and at home, so I figure it's actually the server, not a MITM. Fetched 42.4kB in 8s (4768B/s) Reading package lists... Done W: GPG error: http://security.debian.org stable/updates Release: The following signatures were invalid: NODATA 2 W: GPG error: http://security.debian.org testing/updates Release: The following signatures were invalid: NODATA 2 W: You may want to run apt-get update to correct these problems -------------------- This email message is for the sole use of the intended recipient(s) and may contain privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.
