Weblog entry #11 for dkg
See all weblog entries made by dkg.
W: There are no public key available for the following key IDs: A70DAF536070D3A1 W: There are no public key available for the following key IDs: A70DAF536070D3A1 W: There are no public key available for the following key IDs: A70DAF536070D3A1 W: You may want to run apt-get update to correct these problemsIs anyone else seeing this? a quick glance at google makes me think it's not very important, but i'd like some confirmation on this. Also, the identical repeated error messages look odd. If it's one from each upstream source, shouldn't apt include the message about which source is generating the error? otherwise, why bother printing the same thing 3 times?
Comments on this Entry
[ Parent | Reply to this comment ]
Hi,
This was reported on the Debian Forums as well. See here and here Another potential solution here
[ Parent | Reply to this comment ]
[ Send Message | View dkg's Scratchpad | View Weblogs ]
# gpg --export A70DAF536070D3A1 | apt-key add -I understand this as a way to get rid of the warning message. But promiscuously adding keys to your apt keyring defeats the purpose of using secure apt.
The whole point of using secure apt is that you know that the archive you are installing from is signed by a key you trust. If you blindly import keys from a keyserver and push them into apt-key, why bother with secure apt at all?
After another recent apt-get update i see that version 2006.11.22 of debian-archive-keyring just made it into unstable. The changelog for this is:
debian-archive-keyring (2006.11.22) unstable; urgency=low * Non-maintainer upload. * Add Etch release key * Bump priority to important (Closes: Bug#397698) * Update FSF address in copyright. -- Anthony Towns Wed, 22 Nov 2006 01:30:50 +1000I can install this package without warnings (i have sid in my sources.list as well as etch) because it's distributed signed with the old archive key. After installing it, the extra warnings go away. This is, i think, the proper way to make sure you've got a chained trust to the new Etch release key.
So, to be clear, if you have unstable in /etc/apt/sources.list, a simple
apt-get install debian-archive-keyring/unstableshould suffice to clear up the message.
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
apt-get install debian-archive-keyring/testing worked on my installation....
Thanks for the good post.
[ Parent | Reply to this comment ]
[ Send Message | View dkg's Scratchpad | View Weblogs ]
[ Parent | Reply to this comment ]
Thanks!
[ Parent | Reply to this comment ]
apt-get install debian-archive-keyring/unstable
did not eliminate the message for me. The only thing that I *haven't* done is import the keys as described by the other approach to fixing this.
I suspect that importing the key is the only real way to fix this, and that the approach of installing the debian-archive-keyring doesn't actually do it. My debian-archive-keyring package is as up to date as it gets, and yet I still always get the missing key error when doing "apt-get update".
---
ps:
Also, I tried to create an account so I would not have to post this anonymously, but the account creation page seems to be in error. I used my real email address and was repeatedly told it was an invalid email address. I think not. There seems to be a bug in recognizing valid email addresses on debian-administration.org.
[ Parent | Reply to this comment ]
[ Send Message | View dkg's Scratchpad | View Weblogs ]
apt-get install debian-archive-keyringon it's own, since the right package has propagated into testing?
If you have 2006.11.22 of debian-archive-keyring installed cleanly, and apt-get update still shows those errors, you might want to try an explicit
apt-key updateMaybe that didn't get run automatically for you?
as for the e-mail address problem, you should mail the webmaster address at the bottom of the page and explain the issue. Steve is quite responsive when he's aware of a legitimate problem with the site.
[ Parent | Reply to this comment ]
solved my problem.
In fact, I suspect the original Warning message that directs us to "apt-get update" should be "apt-key update"...
mei_
[ Parent | Reply to this comment ]
i ended up receiving the key and registering it before i got a chance to try the "apt-key update" approach. the apt-key approach definitely seems more like the right one...
if apt-get was supposed to run that automatically, that apparently did not happen.
ps: my user creation issues are resolved now somehow. i was the anonymous poster before.
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
I was trying to weird import of keys from wwweukey thing and that didn't work for me.
[ Parent | Reply to this comment ]