[PLUG] apt errors

[Jeff Schwaber]

On Mon, 2003-05-05 at 23:31, Dirk Ouellette wrote:
> Is the following telling me that the packages I recieved from various RH
> 9 apt sources are no good or just that they don/t match RH 9's gpg?
> Thanks Dirk
> 
> Fetched 1652kB in 7s (224kB/s)
> Checking GPG signatures...
> error: automake15_1.5-6.2.9_noarch.rpm has invalid or unknown GPG key.
> error: automake_1.6.3-5.2.9_noarch.rpm has invalid or unknown GPG key.
> error: autoconf_2.57-3.2.9_noarch.rpm has invalid or unknown GPG key.
> error: gtk2_2.2.1-4.1.9_i386.rpm has invalid or unknown GPG key.
> error: gtk+_1%3a1.2.10-25.2.9_i386.rpm has invalid or unknown GPG key.
> error: qt_1%3a3.1.2-2.0.9_i386.rpm has invalid or unknown GPG key.
> error: automake14_1.4p6-5.3.9_noarch.rpm has invalid or unknown GPG key.
> error: xmms-mp3_1%3a1.2.7-21.p_i386.rpm has invalid or unknown GPG key.
> E: Sub-process /usr/bin/apt-sigchecker returned an error code (8)
> E: Failure running script /usr/bin/apt-sigchecker

I don't use the redhat version of apt, so I can't answer this in
specific, but I can say that I've gotten signature errors before, and
they've never been because I got spoofed packages. I have to say, though
it's a huge security violation in theory, it's generally easiest and
perfectly safe to turn these checks off for the duration of the problem,
provided the same errors occur over the course of several days. It's
usually just a build error, that I've seen.

the message is supposed to tell you that the package failed to download,
was spoofed, or was overwritten at the source with a bad package. It's
probably a good security measure to keep in place, but it's never
happened in my memory.

Jeff