Package: aptitude
Version: 0.6.3-3
Severity: normal
With every attempt to install today, aptitude gave me:
WARNING: untrusted versions of the following packages will be installed!
More information was provided about the potential harm of installing
untrusted packages, but what I really wanted to know was:
1) then name and version of the package(s) in question
2) the source from which the untrusted package(s) would be installed
3) specifically what step in the trust process failed (i.e. why they
were not trusted)
Trust has to do not merely with the name of the package but with the
specific
package (a particular version from a particular source) that aptitude is
proposing to install.
In order to assess trust and generate the warning, aptitude must be
dealing
with a specific package from a specific source. Providing this
information
along with the warning that the package is untrusted would facilitate
isolating
and correcting the fault in the trust system.
In my case, the problem was not the "obvious" one that I was installing
packages from a repository for which I didn't have keys or that the
packages
were not signed. The packages were all from the Debian repositories and
I had
the keys installed. Installations were completed without the warnings
until
today.
I tried re-installing debian-keyring and debian-archive-keyring, but
doing so
made no difference.
The problem was resolved by running aptitude update
I didn't see anything in the information provided with the warning that
suggested an aptitude update would solve the problem. Nor, after the
fact, can
I understand why it did solve the problem or what was wrong in the first
place.
I did search for and read many pages about the warning, keyrings in
general and
the apt trust system, but none of them suggested an update would solve
the
problem - they all gave information about how to download and install
keys
(keyrings?). None of them explain what was actually wrong or why the
packages
were not trusted, except in the general sense that some key for
something must
have been required and was not found.
I tried running aptitude with -V and -v options, but still it did not
clearly
indicate what versions of the packages were not trusted or from what
source
they were not trusted or, specifically, why they were not trusted.
I don't know much about aptitude or the trust system, so maybe my ideas
are
unfounded. All I can say for certain is that the warning highlighted the
risk
but did not give enough information to easily determine the root cause
of the
failure or to correct it and I am quite certain aptitude had and could
easily
have provided more information along with the warning.
-- Package-specific info:
aptitude 0.6.3 compiled at Jul 10 2010 21:00:20
Compiler: g++ 4.4.4
Compiled against:
apt version 4.8.0
NCurses version 5.7
libsigc++ version: 2.2.4.2
Ept support enabled.
Gtk+ support disabled.
Current library versions:
NCurses version: ncurses 5.7.20100313
cwidget version: 0.5.16
Apt version: 4.8.0
linux-vdso.so.1 => (0x00007fff579ff000)
libapt-pkg-libc6.9-6.so.4.8 => /usr/lib/libapt-pkg-libc6.9-6.so.4.8
(0x00007f637b773000)
libncursesw.so.5 => /lib/libncursesw.so.5 (0x00007f637b520000)
libsigc-2.0.so.0 => /usr/lib/libsigc-2.0.so.0 (0x00007f637b31a000)
libcwidget.so.3 => /usr/lib/libcwidget.so.3 (0x00007f637b04e000)
libept.so.1 => /usr/lib/libept.so.1 (0x00007f637adfc000)
libxapian.so.15 => /usr/lib/libxapian.so.15 (0x00007f637aaa7000)
libz.so.1 => /usr/lib/libz.so.1 (0x00007f637a88f000)
libsqlite3.so.0 => /usr/lib/libsqlite3.so.0 (0x00007f637a5ff000)
libboost_iostreams.so.1.42.0 => /usr/lib/libboost_iostreams.so.1.42.0
(0x00007f637a3e3000)
libpthread.so.0 => /lib/libpthread.so.0 (0x00007f637a1c7000)
libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00007f6379eb3000)
libm.so.6 => /lib/libm.so.6 (0x00007f6379c30000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x00007f6379a1a000)
libc.so.6 => /lib/libc.so.6 (0x00007f63796b9000)
libutil.so.1 => /lib/libutil.so.1 (0x00007f63794b5000)
libdl.so.2 => /lib/libdl.so.2 (0x00007f63792b1000)
libbz2.so.1.0 => /lib/libbz2.so.1.0 (0x00007f63790a0000)
librt.so.1 => /lib/librt.so.1 (0x00007f6378e98000)
/lib64/ld-linux-x86-64.so.2 (0x00007f637ba51000)
Terminal: xterm
$DISPLAY is set.
`which aptitude`: /usr/bin/aptitude
aptitude version information:
aptitude linkage:
-- System Information:
Debian Release: squeeze/sid
APT prefers proposed-updates
APT policy: (500, 'proposed-updates'), (500, 'testing'), (500,
'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.35-trunk-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages aptitude depends on:
ii apt [libapt-pkg-libc6.9-6 0.7.25.3 Advanced front-end for dpkg
ii libboost-iostreams1.42.0 1.42.0-3 Boost.Iostreams Library
ii libc6 2.11.2-2 Embedded GNU C Library:
Shared lib
ii libcwidget3 0.5.16-3 high-level terminal
interface libr
ii libept1 1.0.3 High-level library for
managing De
ii libgcc1 1:4.4.4-7 GCC support library
ii libncursesw5 5.7+20100313-2 shared libraries for
terminal hand
ii libsigc++-2.0-0c2a 2.2.4.2-1 type-safe Signal Framework
for C++
ii libsqlite3-0 3.6.23.1-4 SQLite 3 shared library
ii libstdc++6 4.4.4-7 The GNU Standard C++
Library v3
ii libxapian15 1.0.20-2 Search engine library
ii zlib1g 1:1.2.5.dfsg-1 compression library -
runtime
Versions of packages aptitude recommends:
ii apt-xapian-index 0.38 maintenance tools for a
Xapian ind
pn aptitude-doc-en | aptitude-do <none> (no description available)
ii libparse-debianchangelog-perl 1.1.1-2 parse Debian changelogs and
output
ii sensible-utils 0.0.4 Utilities for sensible
alternative
Versions of packages aptitude suggests:
pn debtags <none> (no description available)
ii tasksel 2.81 Tool for selecting tasks
for insta
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
