[R-sig-Debian] Ubuntu CRAN repository not signed

Michael Rutter mar36 at psu.edu
Tue Oct 20 17:18:31 CEST 2015



On 10/20/2015 10:39 AM, Mikko Pesari wrote:
> On 10/20/2015 05:18 PM, Michael Rutter wrote:
>> On 10/20/2015 09:51 AM, Mikko Pesari wrote:
>>> Hi,
>>>
>>> In the aftermath of the signing key expiring a couple of days ago, it
>>> seems that the Ubuntu repositories are no longer signed (there is no
>>> Release.gpg file present). This is not a good situation as users cannot
>>> verify the packages' origin.
>>
>> Mikko,
>>
>> I renewed the key on Sunday. If you add the key again, you should be
>> good to go.
>>
>> sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E084DAB9
>>
>> Michael
>>
>
> Hi Michael,
>
> Yes, I realized that the key was renewed, but the issue is that the
> repository contents are actually not signed using the new key.
>
> I'm looking at https://cran.r-project.org/bin/linux/ubuntu/trusty/ and
> the Release.gpg file is missing. This prevents apt-get from verifying
> and installing downloaded files.

Mikko,

Sorry about that, misunderstood the issue.  And I missed that part of 
the workflow when I renewed the certificate.  I have fixed that and it 
should be corrected the next time the CRAN mirrors sync up.

Michael

-- 
Dr. Michael A. Rutter
Associate Professor of Statistics
Department Chair, Mathematics
Penn State Erie, The Behrend College
Station Road
Erie, PA 16563
http://math.bd.psu.edu/faculty/rutter



More information about the R-SIG-Debian mailing list