[R-sig-Debian] Ubuntu CRAN repository not signed

Mikko Pesari mikko.pesari at aalto.fi
Tue Oct 20 16:39:53 CEST 2015


On 10/20/2015 05:18 PM, Michael Rutter wrote:
> On 10/20/2015 09:51 AM, Mikko Pesari wrote:
>> Hi,
>>
>> In the aftermath of the signing key expiring a couple of days ago, it
>> seems that the Ubuntu repositories are no longer signed (there is no
>> Release.gpg file present). This is not a good situation as users cannot
>> verify the packages' origin.
>
> Mikko,
>
> I renewed the key on Sunday. If you add the key again, you should be 
> good to go.
>
> sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E084DAB9
>
> Michael
>

Hi Michael,

Yes, I realized that the key was renewed, but the issue is that the 
repository contents are actually not signed using the new key.

I'm looking at https://cran.r-project.org/bin/linux/ubuntu/trusty/ and 
the Release.gpg file is missing. This prevents apt-get from verifying 
and installing downloaded files.

FWIW, my machine says:

$ host cran.r-project.org
cran.r-project.org is an alias for cran.wu-wien.ac.at.
cran.wu-wien.ac.at has address 137.208.57.37
cran.wu-wien.ac.at mail is handled by 10 cran.wu-wien.ac.at.

Thanks,

Mikko



More information about the R-SIG-Debian mailing list