"None shall defy the authority of truth, and the evil of falsehood is to be fought with enlightened speculation." --Ibn Khaldun, *Muqaddimah*
Well, Peter, without a valid certificate signature, I do not trust you myself. It seems to me like you are attempting to create a Trojan Horse, and asking Cerberus to teach you to do it. I have forwarded a blind carbon copy of your message to internal security experts within the Debian Project. On 12/16/07, MLA (Peter Clark) <[EMAIL PROTECTED]> wrote: > > Package: apt-transport-https > Version: 0.7.6ubuntu14 > Severity: important > > I've set up a private apt repository and signed my own packages with my > own > key. Furthermore, on the client computers I installed apt-transport-https. > When I 'apt-get update', however, 50% of the time I get the following > warnings: > > W: Bizarre Error - File size is not what the server reported 0 728 > W: GPG error: https://packages.mydomain.org unstable Release: The > following > signatures were invalid: BADSIG 6A3E7382C8A7B074 Peter Clark > <[EMAIL PROTECTED]> > W: You may want to run apt-get update to correct these problems > > When I run 'apt-get update' again, these problems do disappear...only to > reappear the next time. So the error appears very consistently, 50% of the > time. When I change the relevant line in /etc/apt/sources.list from: > > deb https://packages.mydomain.org unstable main > > to: > > deb http://packages.mydomain.org unstable main > > everything works fine; no weird file sizes, no GPG errors. I therefore > interpret > this to mean that the repository and my GPG key are not the problem, which > leaves > apt-transport-https as the only remaining possibility. > > Additional note: the SSL certificate served by mydomain.org is > self-signed; I > don't know if that makes a difference or not. > > -- System Information: > Debian Release: lenny/sid > APT prefers gutsy-updates > APT policy: (500, 'gutsy-updates'), (500, 'gutsy-security'), (500, > 'gutsy') > Architecture: i386 (i686) > > Kernel: Linux 2.6.22-14-generic (SMP w/2 CPU cores) > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > > Versions of packages apt-transport-https depends on: > ii apt [libapt-pkg-libc6.6 0.7.6ubuntu14 Advanced front-end for dpkg > ii libc6 2.6.1-1ubuntu10 GNU C Library: Shared > libraries > ii libcurl3-gnutls 7.16.4-2ubuntu1 Multi-protocol file transfer > libra > ii libgcc1 1:4.2.1-5ubuntu4 GCC support library > ii libstdc++6 4.2.1-5ubuntu4 The GNU Standard C++ Library > v3 > > apt-transport-https recommends no packages. > > -- no debconf information > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > >
