I added the Ubuntu package signing keys to my personal key chain.
Afterwards I can verify the signatures on the lists downloaded by
'apt-get update', e.g.

$ LANG=C gpg --verify /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_xenial-updates_Release
gpg: Signature made Fri Oct 21 09:32:24 2016 CEST using DSA key ID 437D05B5
gpg: Good signature from "Ubuntu Archive Automatic Signing Key <ftpmas...@ubuntu.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6302 39CC 130E 1A7F D81A  27B1 4097 6EAF 437D 05B5
gpg: Signature made Fri Oct 21 09:32:24 2016 CEST using RSA key ID C0B21F32
gpg: Good signature from "Ubuntu Archive Automatic Signing Key (2012) <ftpmas...@ubuntu.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 790B C727 7767 219C 42C8  6F93 3B4F E6AC C0B2 1F32

So the error message of apt:

W: The repository 'http://archive.ubuntu.com/ubuntu xenial-updates InRelease' is not signed.

appears to be wrong. The problem appears to be that apt is unable to
recognize/check the perfectly good signature on the downloaded files. Is
there any way to debug the signature verification process?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1592040

Title:
  Can't update repos due to signing problems

Status in apt package in Ubuntu:
  Confirmed

Bug description:
  I can't update the repos through 'sudo apt-get update' due to these
  errors:

  W: Errore GPG: http://archive.ubuntu.com/ubuntu xenial InRelease: Errore sconosciuto durante l'esecuzione di apt-key
  W: The repository 'http://archive.ubuntu.com/ubuntu xenial InRelease' is not signed.
  N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
  N: See apt-secure(8) manpage for repository creation and user configuration details.
  W: Errore GPG: http://archive.ubuntu.com/ubuntu xenial-updates InRelease: Errore sconosciuto durante l'esecuzione di apt-key
  W: The repository 'http://archive.ubuntu.com/ubuntu xenial-updates InRelease' is not signed.
  N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
  N: See apt-secure(8) manpage for repository creation and user configuration details.
  W: Errore GPG: http://archive.ubuntu.com/ubuntu xenial-backports InRelease: Errore sconosciuto durante l'esecuzione di apt-key
  W: The repository 'http://archive.ubuntu.com/ubuntu xenial-backports InRelease' is not signed.
  N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
  N: See apt-secure(8) manpage for repository creation and user configuration details.
  W: Errore GPG: http://archive.ubuntu.com/ubuntu xenial-security InRelease: Errore sconosciuto durante l'esecuzione di apt-key
  W: The repository 'http://archive.ubuntu.com/ubuntu xenial-security InRelease' is not signed.
  N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
  N: See apt-secure(8) manpage for repository creation and user configuration details.

  The /etc/apt/sources.list contains only the official Ubuntu repo since
  it's untouched from a clean 16.04 install.
