[R-sig-Debian] Ubuntu CRAN repository not signed

Michael Rutter mar36 at psu.edu
Tue Oct 20 17:18:31 CEST 2015

On 10/20/2015 10:39 AM, Mikko Pesari wrote:
> On 10/20/2015 05:18 PM, Michael Rutter wrote:
>> On 10/20/2015 09:51 AM, Mikko Pesari wrote:
>>> Hi,
>>> In the aftermath of the signing key expiring a couple of days ago, it
>>> seems that the Ubuntu repositories are no longer signed (there is no
>>> Release.gpg file present). This is not a good situation as users cannot
>>> verify the packages' origin.
>> Mikko,
>> I renewed the key on Sunday. If you add the key again, you should be
>> good to go.
>> sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E084DAB9
>> Michael
> Hi Michael,
> Yes, I realized that the key was renewed, but the issue is that the
> repository contents are actually not signed using the new key.
> I'm looking at https://cran.r-project.org/bin/linux/ubuntu/trusty/ and
> the Release.gpg file is missing. This prevents apt-get from verifying
> and installing downloaded files.


Sorry about that, misunderstood the issue.  And I missed that part of 
the workflow when I renewed the certificate.  I have fixed that and it 
should be corrected the next time the CRAN mirrors sync up.


Dr. Michael A. Rutter
Associate Professor of Statistics
Department Chair, Mathematics
Penn State Erie, The Behrend College
Station Road
Erie, PA 16563

More information about the R-SIG-Debian mailing list