on LMDE mintUpdate warns: software can't be authenticated
Posted: Mon Aug 05, 2013 11:58 am
Hi!
I'd like to raise an old issue with mintUpdate (Mint Update Manager) which is still present, IMHO.
LMDE x64 tracks Debian Testing with some additional repositories which are not crucial for the issue (it is also present with the additional repos removed):
When I try to upgrade packages in mintUpdate the following warning is displayed:
Here are the keys used by apt to authenticate packages:
I conclude that mintUpdate finds a problem with authentication of packages while the other tools do not.
Is there a bug in mintUpdate regarding this? (Clement Lefebvre and Chris Hodapp are listed as the authors of mintUpdate.)
-- rpr.
I'd like to raise an old issue with mintUpdate (Mint Update Manager) which is still present, IMHO.
Code: Select all
$ dpkg -l | grep mintupdate
ii mintupdate-debian 1.0.6 all Update Manager
Code: Select all
$ inxi -r
Repos: Active apt sources in file: /etc/apt/sources.list
deb [arch=amd64,i386] http://ftp.hr.debian.org/debian/ testing main contrib non-free
deb [arch=amd64,i386] http://ftp.hr.debian.org/debian/ experimental main contrib non-free
deb [arch=amd64,i386] http://security.debian.org testing/updates main
deb [arch=amd64,i386] http://packages.linuxmint.com/ debian main upstream import backport
deb [arch=amd64,i386] http://debian.mur.at/debian-multimedia/ testing main non-free
Active apt sources in file: /etc/apt/sources.list.d/multisystem.list
deb http://liveusb.info/multisystem/depot all main
Active apt sources in file: /etc/apt/sources.list.d/x2go.list
deb http://packages.x2go.org/debian jessie main
Here is the screenshot: In /usr/lib/linuxmint/mintUpdate/mintUpdate.py I found out that it invokes synaptic for upgrading packages. But if I try to do the upgrade in synaptic, it doesn't show the warning: Moreover, both apt-get and aptitude don't show the warning:You are about to install software that can't be authenticated! Doing this could allow a malicious individual to damage or take control of your system.
Code: Select all
$ sudo apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
coreutils libbit-vector-perl libbrlapi0.6 libnewt0.52 libsnmp-base
libsnmp30 python-brlapi python-crypto python-dbus python-lxml
python-markupsafe python-numpy python-openssl python-sip
python-zope.interface python3-dbus whiptail
17 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 14.2 MB of archives.
After this operation, 2,284 kB of additional disk space will be used.
Do you want to continue [Y/n]?
Code: Select all
$ sudo aptitude upgrade
The following packages will be upgraded:
coreutils libbit-vector-perl libbrlapi0.6 libnewt0.52 libsnmp-base
libsnmp30 python-brlapi python-crypto python-dbus python-lxml
python-markupsafe python-numpy python-openssl python-sip
python-zope.interface python3-dbus whiptail
17 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 14.2 MB of archives. After unpacking 2,284 kB will be used.
Do you want to continue? [Y/n/?]
Code: Select all
$ sudo apt-key list
/etc/apt/trusted.gpg
--------------------
pub 1024D/0FF405B2 2009-04-29
uid Clement Lefebvre (Linux Mint Package Repository v1) <root (@) linuxmint.com>
sub 2048g/0F346519 2009-04-29
pub 1024D/1F41B907 1999-10-03
uid Christian Marillat <marillat (@) debian.org>
uid Christian Marillat <marillat (@) free.fr>
sub 1536g/C28DCC42 1999-10-03
sub 1024D/5D3877A7 2002-08-26
pub 1024D/96F89133 2009-02-09
uid Oleksandr Shneyder <oleksandr.shneyder (@) obviously-nice.de>
sub 2048g/76AC2B76 2009-02-09
pub 2048R/5BFE2B6E 2011-03-10
uid X2go Debian/Ubuntu Packaging <debian (@) x2go.org>
sub 2048R/F489CDCF 2011-03-10
pub 2048R/DD7FB8CC 2010-06-28
uid Fabre François (multiboot gpg key) <liveusb (@) gmail.com>
sub 2048R/6FECE640 2010-06-28
pub 1024D/7FAC5991 2007-03-08
uid Google, Inc. Linux Package Signing Key <linux-packages-keymaster (@) google.com>
sub 2048g/C07CB649 2007-03-08
/etc/apt/trusted.gpg.d//debian-archive-squeeze-automatic.gpg
------------------------------------------------------------
pub 4096R/473041FA 2010-08-27 [expires: 2018-03-05]
uid Debian Archive Automatic Signing Key (6.0/squeeze) <ftpmaster (@) debian.org>
/etc/apt/trusted.gpg.d//debian-archive-squeeze-stable.gpg
---------------------------------------------------------
pub 4096R/B98321F9 2010-08-07 [expires: 2017-08-05]
uid Squeeze Stable Release Key <debian-release (@) lists.debian.org>
/etc/apt/trusted.gpg.d//debian-archive-wheezy-automatic.gpg
-----------------------------------------------------------
pub 4096R/46925553 2012-04-27 [expires: 2020-04-25]
uid Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster (@) debian.org>
/etc/apt/trusted.gpg.d//debian-archive-wheezy-stable.gpg
--------------------------------------------------------
pub 4096R/65FFB764 2012-05-08 [expires: 2019-05-07]
uid Wheezy Stable Release Key <debian-release (@) lists.debian.org>
Is there a bug in mintUpdate regarding this? (Clement Lefebvre and Chris Hodapp are listed as the authors of mintUpdate.)
-- rpr.