[Bug 1163745] Re: GPG error: http://security.ubuntu.com quantal-security Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>
Marc Deslauriers
marc.deslauriers at canonical.com
Thu Apr 4 12:30:11 UTC 2013
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.
** Information type changed from Public Security to Public
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1163745
Title:
GPG error: http://security.ubuntu.com quantal-security Release: The
following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu
Archive Automatic Signing Key <ftpmaster at ubuntu.com>
Status in “apt” package in Ubuntu:
New
Bug description:
When running "apt-get update", I see these warnings:
Reading package lists... Error!
W: GPG error: http://security.ubuntu.com quantal-security Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>
W: GPG error: http://ch.archive.ubuntu.com quantal-updates Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>
Following the advice on http://askubuntu.com/questions/131601/how-to-overcome-signature-verification-error
I deleted the lists and updated again but the error persists.
I also tried to add the key:
> apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 40976EAF437D05B5
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /tmp/tmp.MhtBtqxmAw --trustdb-name /etc/apt//trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv-keys 40976EAF437D05B5
gpg: requesting key 437D05B5 from hkp server keyserver.ubuntu.com
gpg: key 437D05B5: "Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
So the key seems to be installed already and it seems to be correct.
What should I do next?
PS: I flagged this as security vulnerability since it prevents me from
installing security updates.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1163745/+subscriptions
More information about the foundations-bugs
mailing list