Apt-get update public key error


#1
W: GPG error: http://security.debian.org lenny/updates Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY *key here*
W: GPG error: http://ftp.us.debian.org squeeze Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY *key here*
W: You may want to run apt-get update to correct these problems

^ I just noticed that recently after ‘apt-get update’ My Book Live shows something like that in the end of update. Eveything works just fine, so I assumme its not critical. Can any Debian guru comment on that ?

My apt-source list file is following (did not change anything in that file):

MyBookLive:/etc/apt# more sources.list
deb http://ftp.us.debian.org/debian/ lenny main
deb-src http://ftp.us.debian.org/debian/ lenny main
deb http://mirrors.usc.edu/pub/linux/distributions/debian/ lenny main
deb-src http://mirrors.usc.edu/pub/linux/distributions/debian/ lenny main
deb http://security.debian.org lenny/updates main
deb-src http://security.debian.org/ lenny/updates main
deb http://ftp.us.debian.org/debian/ squeeze main
#deb http://ftp.us.debian.org/debian/ sid main
#deb http://ftp.us.debian.org/debian/ experimental main

#2

You should comment out the squeeze line. Apt-get upgrade is a dangerous prospect as it stands. I’m not sure that’ll fix the security GPG error.

For comparison, my (error free) sources.list on firmware 01.02.03 is:

deb http://mirror.ox.ac.uk/debian/ lenny main non-free contrib
deb-src http://mirror.ox.ac.uk/debian/ lenny main non-free contrib
deb http://security.debian.org lenny/updates main
deb-src http://security.debian.org/ lenny/updates main

I’m based in the UK, hence Oxford instead of the US server.


#3

Okey, but if I comment them out and run apt-get update again, will that not screw something up if some packages is already installed from squeeze source?


#4

Well, apt-get update wont break anything. I think you mean upgrade.

The most likely scenario, if you comment out squeeze, is you’ll try to install something from lenny and a dependency resolution will fail. So you get a warning that things will break if you force matters.

Less likely is that something will install fine, but run badly, as something it depends on has changed significantly between lenny and squeeze.

So yeah, you might break things. That’s the drawback to inheriting someone elses Debian install, you don’t really know what eccentric things they’ve done. I particularly dislike the old references to experimental in sources. I believe you’re less likely to break things if you stick to Lenny from the stock install onwards, as you may otherwise inadvetently upgrade things to squeeze which then break in interesting ways.

I’m interested to hear back from you when things break from squeeze though, as I probably want to upgrade to the new stable at some point.


#5

Oh, I never wanted to do 'apt-get upgrade’ . I believe its not needed at all and is dangerous to do.

What I want to use is 'apt-get update’