Package: apt Version: 0.8.15.9 Severity: important Heya,
I am currently sitting on a kinda crappy line (hotel WiFi, who guess) and had some fun while trying to run my usual apt-get update tonight. The WiFi seems to run a Squid in a sort of transparent setup. Sort of because it forbids me access to dl.google.com and resolves ftp.de.debian.org to a wrong IP (82.98.86.171). The funny thing about that machine is, it returns the same page to any request, no 404, no 502, no kitten. Now the page ends up served as 'Packages', 'InRelease', the signatures etc. Apt of course refuses to work, as it cannot check the signature. But the problem is that apt never clears the bad signature file. Every next run of apt-get will end up with a W: GPG error: http://ftp.de.debian.org squeeze Release: The following signatures were invalid: BADSIG AED4B06F473041FA Debian Archive Automatic Signing Key (6.0/squeeze) <ftpmas...@debian.org> as the signature file is still borked and of course cannot be verified. Only the killing of the files in /var/lib/apt/lists/ brings apt back to life. This might have two outcomings for the user (as far I can think of, you could for sure come up with more): 1. unexperienced user, uses some apt frontend → no way to get updates 2. MITM a machine updating the files and you prolly stop it from fetching updates via cron I hope there is some way to fix that. Regards Evgeni -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages apt depends on: ii debian-archive-keyring 2010.08.28 ii gnupg 1.4.11-3 ii libc6 2.13-24 ii libgcc1 1:4.6.2-12 ii libstdc++6 4.6.2-12 ii zlib1g 1:1.2.3.4.dfsg-3 apt recommends no packages. Versions of packages apt suggests: ii apt-doc <none> ii aptitude 0.6.4-1.2 ii bzip2 1.0.6-1 ii dpkg-dev 1.16.1.2 ii python-apt 0.8.3 ii synaptic 0.75.4 ii xz-lzma [lzma] 5.1.1alpha+20110809-3 -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
