Why are some packages not trustworthy?
- Inicie sesión ou rexístrese para enviar comentarios
Sometimes I get a message from apt stating that the packages I want to install are not trustworthy.
trisquel-keyring is installed. It doesn't happen for all packages, only for some (I can't see any pattern in it yet).
It looks like this: https://i.imgur.com/8PqTe4P.png
It might well be that this is a Trisquel-inbuilt-warning-message because of these
ati-/radeon-packages and it has nothing to do with your authentication, keyring or something else....
....but i'm not sure about that.
My answer is just speculation!
Thank you for your help. It does not seem to related to the package though. I just installed geany and ttf-ubuntu-font-family.
What's interesting is that the warning I got are different:
---------
Geany:
WARNUNG: Die folgenden Pakete können nicht authentifiziert werden!
geany-common geany
Diese Pakete ohne Überprüfung installieren? [j/N]
---------
Ubuntu font family:
WARNUNG: nichtvertrauenswürdige Versionen der folgenden Pakete werden installiert!
Nichtvertrauenswürdige Pakete können die Sicherheit Ihres Systems gefährden.
Sie sollten nur dann mit der Installation fortfahren, wenn Sie sicher sind, dass
Sie dies wirklich wollen.
ttf-ubuntu-font-family
Wollen Sie diese Warnung ignorieren und trotzdem weitermachen?
Geben Sie zum Weitermachen »Ja«, zum Abbrechen »Nein« ein:
---------
Could be related to that I install only one package, not multiple, but the second warning contains a more detailed warning. Coming from Arch, I don't have much apt practice...
Edit: Oh and by the way, these packages are from the official repos obviously. These are the free/libre/FLOSS/whatever drivers from Trisquel.
You should note that this is the English forum, and not all of us speak German. :) It would help if you translate the error messages.
Anyway, I do know a little German, so I've looked at a German-English dictionary to try to translate the messages. This:
> WARNUNG: Die folgenden Pakete können nicht authentifiziert werden!
I think translates approximately to this:
> WARNING: The following packages cannot be authenticated!
If my translation is accurate, this is telling you (I think) that the package isn't signed properly with a trusted key. This can mean either that the Trisquel packagers made a mistake, or that you're a victim of a man-in-the-middle attack. I've gotten a warning like this before, and when I did, I just waited I think a day or two and it went away. That's probably what I would do again, in case it really is a man-in-the-middle attack.
As for this one:
> WARNUNG: nichtvertrauenswürdige Versionen der folgenden Pakete werden installiert!
It looks like that translates to, in English:
> WARNING: Untrustworthy versions of the following packages will be installed!
So, a very similar warning. My guess is the package is signed by a key that's on some sort of blacklist, or something, but I'm not sure.
Oh sorry, I somehow didn't think about that some may not understand the warnings! :) I know this is an English forum, sorry.
Your translations are correct, and I too think that the problem must be somewhere in the signing of the packages. It is very unlikely that I am being MitM-ed, so I presume that Trisquel devs made some mistake, but nobody else seems to have these errors.
Actually, I now get these warnings with every package I try to install. Kinda weird, and I'd not like to keep ignore the warnings forever (they exist for a reason...) so I hope this fixes itself soon.
If an error was made, it was made by the administrator of the mirror you use. You can choose to download your packages from another mirror from "Software and updates" (or a similar name, I translate from French) in the "System settings".
I also have seen those warnings in the past. I guess one thing you could try is using another mirror. While probably nothing evil, it certainly does not feel good to just ignore such warnings.
I was also having this problem (when installing software, warning saying the packages cannot be authenticated).
This was on Trisquel 7. I had not made any changes to the default software sources, mirror, trusted signing key, or any other Software & Updates settings.
The default mirror was in.archive.trisquel.info. I don't know why; I am not in India. Changing to the main server fixed the problem.
In case anyone is having this problem, reading this thread, and doesn't know how to change mirror, here's what to do:
Click on the Trisquel symbol in the lower left of the screen. Go to System Settings. Go to Software & Updates. In the Trisquel Software tab, there will be a pulldown menu called "Download from:". Change it to something else (this is referred to as changing to a different mirror). Close the settings window, and see if this has solved your problem. As I said before, the main server is working for me as of the date of this post.
- Inicie sesión ou rexístrese para enviar comentarios