LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu
User Name
Password
Ubuntu This forum is for the discussion of Ubuntu Linux.

Notices


Reply
  Search this Thread
Old 12-19-2007, 11:03 PM   #1
lawrence_lee_lee
Member
 
Registered: May 2007
Posts: 141

Rep: Reputation: 16
I see this message when starting the Package Updater... What should I do?


Quote:
W: GPG error: http://hk.archive.ubuntu.com gutsy-updates Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>
Is something horrible happening? What should I do?
 
Old 12-19-2007, 11:41 PM   #2
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
Quote:
Originally Posted by lawrence_lee_lee View Post
Is something horrible happening?
Maybe. Or rather, something horrible may have just been prevented.

The signature checking is in place to prevent something horrible from happening. Here is a technical explanation of "secure apt," which is a mechanism to make sure the files you download haven't been maliciously altered.

I'll try to summarize, glossing over most of the technical stuff. Quoting from the above link:

Quote:
A Debian archive contains a Release file, which is updated each time any of the packages in the archive change. Among other things, the Release file contains some MD5 sums of other files in the archive.
By comparing the MD5sums of downloaded files with those contained in the Release file, the authenticity of the downloaded files can be verified. (Not quite true, but that is a technical security discussion that I won't attemp here.) But that assumes that the Release file itself has not been tampered with. For that reason, the Release file is digitally signed with a gpg signature. (GPG is similar to Pretty Good Privacy (PGP)).

Your error message says something didn't match up here. It could be that something malicious has been attempted (but thwarted). More likely, it is an innocent mistake. But you should proceed as if it is malicious. (Err on the side of caution.)

If this is the first time you have seen this message, I would suggest that you just wait a day or two and see if it goes away by itself. Otherewise, I suggest you do a search over at UbuntuForums.org and see if there is already a discussion going on this. If this is a standard repository, you are probably not the only one getting this message.

Last edited by blackhole54; 12-19-2007 at 11:44 PM. Reason: typo
 
Old 12-20-2007, 01:37 AM   #3
lawrence_lee_lee
Member
 
Registered: May 2007
Posts: 141

Original Poster
Rep: Reputation: 16
Thank you! Your explanation is clear and detailed. Thanks a lot! This ease my worry!
 
Old 12-21-2007, 07:19 PM   #4
dasy2k1
Member
 
Registered: Oct 2005
Location: 127.0.0.1
Distribution: Manjaro
Posts: 963

Rep: Reputation: 36
if you are installing somthing from a repo try setting a differnt mirror,

it may be that that file on the mirror is corrupt

most likly situation is a corrupt file on the mirror or a corrupted download
 
Old 12-21-2007, 08:52 PM   #5
kav
Member
 
Registered: May 2006
Location: USA
Distribution: FreeBSD Ubuntu Debian
Posts: 137

Rep: Reputation: 15
sometimes you just need to re-import the key

http://ubuntuforums.org/showthread.php?t=380294
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
FC6 Package Updater tommytomato Fedora 3 05-15-2007 07:03 AM
Hi Everyone! First Problem - Slow Package Updater Sharkskin Boy Linux - Newbie 4 03-24-2007 10:13 PM
Package updater concurrent access bertie57 Linux - Newbie 3 01-12-2007 03:07 AM
Package updater hangs like it on dial up maprx Fedora 0 06-15-2006 06:05 AM
MMC dissappeared after using Package Updater messymutty Mandriva 1 06-06-2004 10:11 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu

All times are GMT -5. The time now is 12:08 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration