Latest "lame" package is unsigned (security risk)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
lame (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Package lame is not signed with trusted key:
sudo apt-get install lame
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
lame
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 214 kB of archives.
After this operation, 478 kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
lame
Install these packages without verification [y/N]?
Package: lame
Versions:
3.99.3+repack1-1 (/var/lib/
Description Language:
Description Language: en
Ubuntu 12.04.5 LT
I was able to verify the trust path entirely by hand, starting with the http:// pl.archive. ubuntu. com/ubuntu/ dists/precise/ Release and http:// pl.archive. ubuntu. com/ubuntu/ dists/precise/ Release. gpg files, downloading the precise amd64 lame package, and verifying that the sha256 for the downloaded package is 378656d3725af05 41bf9ecc6439d43 172b9f5fc8eb7b6 6ec5bf37b3211cf c842 as listed in the http:// pl.archive. ubuntu. com/ubuntu/ dists/precise/ universe/ binary- amd64/Packages. bz2 file.
Do you have the correct ubuntu-keyring package installed for your release?
Thanks