[Bug 1163745] Re: GPG error: http://security.ubuntu.com quantal-security Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>

Marc Deslauriers marc.deslauriers at canonical.com
Thu Apr 4 12:30:11 UTC 2013


Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug.  I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.

** Information type changed from Public Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1163745

Title:
  GPG error: http://security.ubuntu.com quantal-security Release: The
  following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu
  Archive Automatic Signing Key <ftpmaster at ubuntu.com>

Status in “apt” package in Ubuntu:
  New

Bug description:
  When running "apt-get update", I see these warnings:

  Reading package lists... Error!
  W: GPG error: http://security.ubuntu.com quantal-security Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>
  W: GPG error: http://ch.archive.ubuntu.com quantal-updates Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>

  Following the advice on http://askubuntu.com/questions/131601/how-to-overcome-signature-verification-error
  I deleted the lists and updated again but the error persists.

  I also tried to add the key:

  > apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 40976EAF437D05B5
  Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /tmp/tmp.MhtBtqxmAw --trustdb-name /etc/apt//trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv-keys 40976EAF437D05B5
  gpg: requesting key 437D05B5 from hkp server keyserver.ubuntu.com
  gpg: key 437D05B5: "Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>" not changed
  gpg: Total number processed: 1
  gpg:              unchanged: 1

  So the key seems to be installed already and it seems to be correct.

  What should I do next?

  PS: I flagged this as a security vulnerability since it prevents me
  from installing security updates.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1163745/+subscriptions



