Hi! I have the same problem with a different underlying cause, a Release file with a correct signature but an invalid date.
Updating the package list interactively shows no problems but hangs at "Loading cache". When updating the package list noninteractively via "aptitude update" the problem is shown (URLs obfuscated for privacy reasons): root@cindy:~# apt-get update Ign:1 AAA wheezy InRelease Ign:2 BBB jessie InRelease Hit:4 BBB stretch InRelease Hit:5 BBB sid InRelease Hit:6 BBB jessie-updates InRelease Hit:7 BBB stretch-updates InRelease Hit:8 BBB jessie Release Get:3 AAA wheezy Release [2612 B] Get:9 AAA wheezy Release.gpg [836 B] Ign:10 CCC sid InRelease Hit:11 CCC sid Release Hit:12 DDD stable InRelease Hit:13 EEE jessie/updates InRelease Hit:14 EEE stretch/updates InRelease Get:16 AAA wheezy/main amd64 Packages [1345 B] Get:17 AAA wheezy/main i386 Packages [1345 B] Hit:19 FFF jessie InRelease Fetched 6138 B in 2s (2857 B/s) Reading package lists... Done W: Invalid 'Date' entry in Release file /var/lib/apt/lists/partial/aaa_dists_wheezy_Release W: The repository 'AAA wheezy Release' provides only weak security information. N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use. N: See apt-secure(8) manpage for repository creation and user configuration details. The workaround is to simply update the package list noninteractively via "aptitude update" and then use aptitude interactively but not update the package list there. Unfortunately I cannot share these files publicly. The invalid date entry in the Release file is: Date: Tue, 12 Jul 2016 09:23:31 CEST Valid-Until: Tue, 30 Nov 2038 00:00:00 JST Of course in this case it's a repository bug, still, the behavior of aptitude could be more graceful. Cheers Marc
