[R-sig-Debian] Ubuntu CRAN repository not signed
Mikko Pesari
mikko.pesari at aalto.fi
Tue Oct 20 16:39:53 CEST 2015
On 10/20/2015 05:18 PM, Michael Rutter wrote:
> On 10/20/2015 09:51 AM, Mikko Pesari wrote:
>> Hi,
>>
>> In the aftermath of the signing key expiring a couple of days ago, it
>> seems that the Ubuntu repositories are no longer signed (there is no
>> Release.gpg file present). This is not a good situation as users cannot
>> verify the packages' origin.
>
> Mikko,
>
> I renewed the key on Sunday. If you add the key again, you should be
> good to go.
>
> sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E084DAB9
>
> Michael
>
Hi Michael,
Yes, I realized that the key was renewed, but the issue is that the
repository contents are actually not signed using the new key.
I'm looking at https://cran.r-project.org/bin/linux/ubuntu/trusty/ and
the Release.gpg file is missing. This prevents apt-get from verifying
and installing downloaded files.
FWIW, my machine says:
$ host cran.r-project.org
cran.r-project.org is an alias for cran.wu-wien.ac.at.
cran.wu-wien.ac.at has address 137.208.57.37
cran.wu-wien.ac.at mail is handled by 10 cran.wu-wien.ac.at.
Thanks,
Mikko
More information about the R-SIG-Debian
mailing list