copied binaries require origin ppa key to determine trustiness
Bug #608302 reported by
X3
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Invalid
|
Undecided
|
Unassigned |
Bug Description
When packages exist in one ppa e.g. ppa A and the binaries are copied directly to a second ppa e.g. ppa B, the ppa where the packages where copied to ppa B if added to sources reports packages are untrusted.
The fix is to have to use ppa A key added as well.
Packages should not depend on origin ppa for determination of trustiness.
No information or warning is apparent nor is information on how to fix or deal with this, workarounds etc.
To post a comment you must log in.
The situation described here is impossible - copied binaries are re-published in the target archive which has a signed Releases file (packages themselves are not signed).
There will be another explanation somewhere, like transparent proxies.