*** This bug is a security vulnerability *** You have been subscribed to a public security bug:
In short: The GPG key 105BE7F7, with that 'linux' source package is signed, revoked on 08/16/16 (4 months ago!) How to reproduce: $ apt-get source linux-image-$(uname -r) ... Picking 'linux' as source package instead of 'linux-image-4.4.0-53-generic' ... Get:2 http://ru.archive.ubuntu.com/ubuntu xenial-updates/main linux 4.4.0-53.74 (tar) [133 MB] ... gpgv: Signature made Пт 02 дек 2016 18:32:18 MSK using RSA key ID 105BE7F7 gpgv: Can't check signature: public key not found dpkg-source: warning: failed to verify signature on ./linux_4.4.0-53.74.dsc ... ### if you add this key: $ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 105BE7F7 $ apt-key list ... pub 4096R/105BE7F7 2011-09-06 uid Brad Figg <brad.f...@canonical.com> sub 4096R/F336E4D5 2011-09-06 pub 4096R/105BE7F7 2014-06-16 [revoked: 2016-08-16] uid Brad Figg <brad.f...@canonical.com> ### THE KEY IS REVOKED 4 MONTHS AGO! ### Additional info: $ lsb_release -rd Description: Ubuntu 16.04.1 LTS Release: 16.04 ### My unmodified /etc/apt/sources.list in attachment. ### Note, /etc/apt/sources.list.d/ directory is empty. ** Affects: apt (Ubuntu) Importance: Undecided Status: New ** Tags: gpg invalid linux signature source -- 'linux' source package signature is not valid https://bugs.launchpad.net/bugs/1649097 You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
