bogus network proxies might cause: Clearsigned file isn't valid, got 'NODATA' (does the network require authentication?)

This hotel network is particularly special; even after you authenticate to the web portal, it's blocking archive.canonical.com as "restricted" content. This contributes to the confusion, because most of the lists get downloaded without fine, then there's this cryptic message.

FWIW the actual contents of the partial InRelease file in this case are a one-line, malformed HTML file that does a meta refresh.

So, what do you suggest? The hint "does the network require authentication?" is already a wild guess as this can happen for temporary down servers (e.g. "Down for maintenance"), 'longtime down' servers (e.g. domain grabber got the domain), the network you are on requires you to authenticate (first time, again, after X minutes, for specific domains), the network has a pre-processing proxy to reduce traffic/enforce restrictions/parental control, the archive software really produced invalid files or you are under attack …

The sentence is easily 400 characters long and hasn't mentioned a single "solution" yet even though for all different things need (not) to be done.

If anyone can provide a better hint than the current which will fit on one line feel free tell us, but I don't expect that we can do anything reasonable to detect which one of the various possible problems that could be.

(It might first sound like we could detect "normal" vs. "restricted" archives as it seems to happen here, but APT really has no idea what the difference is, further more these could be on different mirrors, used via a proxy… so while this is "easy" (really?) to detect for a human, its close to impossible in code)

I have some hope for "511 Network Authentication Required" ( https://tools.ietf.org/html/rfc6585#section-6 ), but I haven't seen it implemented so far [APT has no specific support for it so far, but works as intended by default as any client should do].

can this message not stoped apt-get update ? I have many reps in sources.list, not only http://archive.getdeb.net

Get:2 http://archive.getdeb.net oneiric-getdeb InRelease [4555 B]
Ign http://ppa.launchpad.net saucy InRelease
Splitting up /var/lib/apt/lists/partial/archive.getdeb.net_ubuntu_dists_oneiric-getdeb_InRelease into data and signature failedIgn http://archive.getdeb.net oneiric-getdeb InRelease
E: GPG error: http://archive.getdeb.net oneiric-getdeb InRelease: Clearsigned file isn't valid, got 'NODATA' (does the network require authentication?)
Command exited with non-zero status 100

I just wanted to add a comment, for any others who come to this via Google.

I also hit this exact same error, but it turned out not to be caused directly by the network proxy. I had just run apt-add-repository, and that had failed to import the GPG key:

root@buildhost:/home/mblokzij/ws-qvpc# add-apt-repository ppa:x2go/stable
 Quick howto to turn your machine into an X2Go server:
...
gpg: keyring `/tmp/tmpf3fzey4y/secring.gpg' created
gpg: keyring `/tmp/tmpf3fzey4y/pubring.gpg' created
gpg: requesting key 0A53F9FD from hkp server keyserver.ubuntu.com
gpgkeys: key A7D8D681B1C07FE41499323D7CDE3A860A53F9FD can't be retrieved
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

Note the last line.

After manually importing the key, apt-get update ran fine. I used:

apt-key adv --recv-keys --keyserver keys.gnupg.net 0A53F9FD

I realise I used a different keyserver, but I copy/pasted the key id from the logs above.