Hi. On Wed, Apr 16, 2014 at 09:49:23AM -0500, Richard Owlett wrote:
> root@debian:/home/richard# apt-get install pforth > Reading package lists... Done > Building dependency tree > Reading state information... Done > The following NEW packages will be installed: > pforth > 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. > Need to get 0 B/81.2 kB of archives. > After this operation, 291 kB of additional disk space will be used. > WARNING: The following packages cannot be authenticated! > pforth > Install these packages without verification [y/N]? > E: Some packages could not be authenticated <skip> > root@debian:/home/richard# apt-get update > Ign file: squeeze Release.gpg Note those 'Ign' records for each ISO you're using. Debian doesn't sign packages per se, they sign whole repository with usual 'public key - private key' scheme. 'debian-keyring' package provides you with public keys, and of course private keys are kept, well, private. Apt (aptitude, synaptic, whatever tool you're using) will start to complain if: 1) Repository is signed with unknown or untrusted key. See 'apt-key list' output for the list of keys you're trusting. 2) Repository is signed with an expired key. Yes, each key have a lifetime. 3) Repository isn't signed at all. IIRC Debian does not sign the repository they put on 'Official CD's at all, hence this warning you're given. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140417154813.GA6579@x101h
