[Bug 1284053] [NEW] Signature warning should include full repository name/path
Malte Wetz
1284053 at bugs.launchpad.net
Mon Feb 24 10:54:38 UTC 2014
Public bug reported:
Most people nowadays can collect quite a few APT repositories hosted on
the same server (ppa.launchpad.net, for instance). In case the signature
check on one of these repositories fails, apt-get just prints this:
W: GPG error: http://ppa.launchpad.net saucy Release: The following
signatures couldn't be verified because the public key is not available:
NO_PUBKEY <blah>
Unfortunately, this informs the user only that one of the repositories
on ppa.launchpad.net has a missing key. But not which one. It could be
any of them. Tracking down the specific signature (<blah> in my example)
is difficult so the only practical option is to disable the repositories
one by one until the warning disappears. Which is not only annoying to
the user but also puts unnecessary load on the servers which get
repeatedly hit by 'apt-get update'.
I therefore suggest to change the warning to include the full path of
the repository. Example:
W: GPG error: http://ppa.launchpad.net/ubuntu-wine/ppa/ubuntu saucy
Release: The following signatures couldn't be verified because the
public key is not available: NO_PUBKEY <blah>
This would inform the user which repository needs a key. Other options
(such as printing the repository's name are also valid, of course).
PS: I am aware that apt-add-repository automatically adds the key but
this magic only works on Launchpad whereas the problem is one in
general. Furthermore, you don't always get to use apt-add-repository for
various reasons.
** Affects: apt (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1284053
Title:
Signature warning should include full repository name/path
Status in “apt” package in Ubuntu:
New
Bug description:
Most people nowadays can collect quite a few APT repositories hosted
on the same server (ppa.launchpad.net, for instance). In case the
signature check on one of these repositories fails, apt-get just
prints this:
W: GPG error: http://ppa.launchpad.net saucy Release: The following
signatures couldn't be verified because the public key is not
available: NO_PUBKEY <blah>
Unfortunately, this informs the user only that one of the repositories
on ppa.launchpad.net has a missing key. But not which one. It could be
any of them. Tracking down the specific signature (<blah> in my
example) is difficult so the only practical option is to disable the
repositories one by one until the warning disappears. Which is not
only annoying to the user but also puts unnecessary load on the
servers which get repeatedly hit by 'apt-get update'.
I therefore suggest to change the warning to include the full path of
the repository. Example:
W: GPG error: http://ppa.launchpad.net/ubuntu-wine/ppa/ubuntu saucy
Release: The following signatures couldn't be verified because the
public key is not available: NO_PUBKEY <blah>
This would inform the user which repository needs a key. Other options
(such as printing the repository's name are also valid, of course).
PS: I am aware that apt-add-repository automatically adds the key but
this magic only works on Launchpad whereas the problem is one in
general. Furthermore, you don't always get to use apt-add-repository
for various reasons.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1284053/+subscriptions
More information about the foundations-bugs
mailing list