Goswin Brederlow wrote:
> Package: cupt
> Version: 0.2.2
> Severity: normal
> 
> Hi,
> 
> for ia32-apt-get to work it has to do some magic with the Index files
> apt-get downloads. This means mangling them after they have been
> downloaded and signatures checked. This is fine in apt-get as it does
> not check the signature again, only on download.
> 
> Now cupt on the other hand seems to check the signature on every
> invocation, even "cupt show cupt" resulting in warnings like this:
Yes, this is considered a feature.

> 
> W: gpg: '/var/lib/apt/lists/chocos_debian_dists_sid-amd64_Release': bad signature: EA4ADBF06B83280C reprepro (signing key) <brede...@informatik.uni-tuebingen.de>
> 
> The signature check is not needed as the Release.gpg file will ever
> only be there if the signature did check out during download.
Cupt always places Release.gpg in .../lists. The bad signature will be able to
become good once you have fixed it in some way (without re-invoking
'apt-get/aptitude/cupt/etc. update'). The good signature will be able to become
bad once someone revokes its key.

> So
> besides this breaking ia32-apt-get it is also a huge waste of time.
I will think about making this behavior optional. Nevertheless, how does this
warning break ia32-apt-get?

-- 
Eugene V. Lyubimkin aka JackYF, JID: jackyf.devel(maildog)gmail.com
C++/Perl developer, Debian Maintainer
