Re: Debian packages without md5sums

On Mon, Sep 10, 2007 at 09:17:59PM +0000, Felix Karpfen wrote:
>
> The fault is mine/my setup. My connection to the internet is slow;
> hence I am reduced to using the DVDs for upgrades. Although I procured
> the "official" Etch DVD set from a supplier listed by Debian, there were
> numerous notifications during the "dist-upgrade" that I was installing
> "untrusted packages". And, due to my slow internet connection, I refrained
> from running the recommended "aptitude update" at the end of the
> successful "dist-upgrade".

these errors (untrusted packages) have to do with the new secure-apt system which uses gpg keys to confirm the signatures on packages. Install the debian-archive-keyring package and then update.

>
> Is there an alternative to "aptitude update" or do I have to live with the
> missing md5sums and "untrusted packages"?

there is not really any alternative to "aptitude update" unless you consider some other apt front-end an alternative (apt-get, synaptic) but they all do the same thing. The missing md5 sums has nothing to do with the trusted/untrusted packages issue.

In theory, you have installed packages that may be compromised due to the failure to check the signatures. In practice, this is probably not a real issue. You could pull known-good debs from somewhere and compare md5sums to confirm that your installation is good, but its probably not worth the effort, unless you have some reason to be concerned about compromise.

You definitely should make sure you read up on the debian-archive-keyring and get it installed and working properly.

A

-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


application/pgp-signature attachment: Digital signature

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.debian.org Links debian-announce debian-apache debian-arm-changes debian-beowulf debian-boot debian-cd debian-cd-vendors debian-changes debian-changes-digest debian-isp debian-kde debian-laptop debian-mirrors-announce debian-news debian-security debian-security-announce debian-testing debian-user debian-user-digest Request more information about Pantek