(In reply to comment #1) > Thanks for this bugreport. > > If you can reproduce the problem easily, can you please run: > "apt-get update -o Debug::pkgAcquire::Auth=true" > and attach the output here? > > I'm not able to reproduce the problem here and I verified that the md5sum of > your key is correct. > Sure, here it is, albeit the command is run at a time when I'm fairly certain that at the time my lists was synched with the repository, ie I had already done an apt-get update that didn't checksum: henry@ubuntu ~ $ sudo apt-get update -o Debug::pkgAcquire::Auth=true Password: Get:1 http://archive.ubuntu.com hoary Release.gpg [189B] Get:2 http://archive.ubuntu.com hoary-security Release.gpg [189B] 99% [Working]Metaindex acquired, queueing gpg verification (/var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_hoary_Release.gpg,/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_hoary_Release) Hit http://archive.ubuntu.com hoary Release Ign http://archive.ubuntu.com hoary Release 98% [Waiting for headers]Metaindex acquired, queueing gpg verification (/var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_hoary-security_Release.gpg,/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_hoary-security_Release) Hit http://archive.ubuntu.com hoary-security Release Ign http://archive.ubuntu.com hoary-security Release Hit http://archive.ubuntu.com hoary/main Packages Hit http://archive.ubuntu.com hoary/restricted Packages Hit http://archive.ubuntu.com hoary/universe Packages Hit http://archive.ubuntu.com hoary-security/main Packages Fetched 2B in 0s (3B/s) Reading Package Lists... Done W: GPG error: http://archive.ubuntu.com hoary Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key