<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif">methinks it's not something you've done: It says BADSIG, which according to my extremely limited knowledge of GPG means you were able to verify the key, yet the message does not verify (i.e. corrupt/malicious file?)<br>
<br></div><div class="gmail_default" style="font-family:verdana,sans-serif">It seems however you are not alone on this. Repo mantainer suggests:<br><br><a href="https://lists.debian.org/debian-user/2011/04/msg00283.html">https://lists.debian.org/debian-user/2011/04/msg00283.html</a><br>
<br></div><div class="gmail_default" style="font-family:verdana,sans-serif">However user reports "issue has solved itself":<br><br><a href="https://lists.debian.org/debian-user/2011/04/msg00332.html">https://lists.debian.org/debian-user/2011/04/msg00332.html</a><br>
<br>:\<br><br><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">2014-01-28 E Chalaron <span dir="ltr"><<a href="mailto:e.chalaron@xtra.co.nz" target="_blank">e.chalaron@xtra.co.nz</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Hey Grant & all<br>
<br>
I start to see a little clearer with this gpg stuff. <br>
<br>
Maybe I should have called on the LUG meeting in nov ... <span><span> :-[ </span></span><- another
embarrasement<br>
<br>
<br>
back to step 1<div class="im"><br>
apt-key advanced --keyserver <a href="http://pgp.net.nz" target="_blank">pgp.net.nz</a> --recv-keys 1F41B907<br>
<br></div>
gpg: requesting key 1F41B907 from hkp server <a href="http://pgp.net.nz" target="_blank">pgp.net.nz</a><br>
gpg: key 1F41B907: "Christian Marillat <a href="mailto:marillat@debian.org" target="_blank"><marillat@debian.org></a>"
not changed<br>
gpg: Total number processed: 1<br>
gpg: unchanged: 1<br>
root@manawatu:~# apt-key update<br>
gpg: key B98321F9: "Squeeze Stable Release Key
<a href="mailto:debian-release@lists.debian.org" target="_blank"><debian-release@lists.debian.org></a>" not changed<br>
gpg: key 473041FA: "Debian Archive Automatic Signing Key
(6.0/squeeze) <a href="mailto:ftpmaster@debian.org" target="_blank"><ftpmaster@debian.org></a>" not changed<br>
gpg: key 65FFB764: "Wheezy Stable Release Key
<a href="mailto:debian-release@lists.debian.org" target="_blank"><debian-release@lists.debian.org></a>" not changed<br>
gpg: key 46925553: "Debian Archive Automatic Signing Key
(7.0/wheezy) <a href="mailto:ftpmaster@debian.org" target="_blank"><ftpmaster@debian.org></a>" not changed<br>
gpg: Total number processed: 4<br>
gpg: unchanged: 4<br>
<br>
So first question where the hell is 1F41B907 ???<br>
<br>
<br>
Out of curiosity I went on<br>
<a href="https://bugs.launchpad.net/ubuntu/+source/apt/+bug/24234/comments/20" target="_blank">https://bugs.launchpad.net/ubuntu/+source/apt/+bug/24234/comments/20</a><br>
<br>
and applied <br>
gpg --keyring /etc/apt/<u></u>trusted.gpg --edit-key 1F41B907<br>
<br>
to get <br>
<br>
pub 1024D/1F41B907 created: 1999-10-03 expires: never
usage: SC <br>
trust: unknown validity: unknown<br>
sub 1536g/C28DCC42 created: 1999-10-03 expires: never
usage: E <br>
sub 1024D/5D3877A7 created: 2002-08-26 expires: never
usage: SCA <br>
[ unknown] (1). Christian Marillat <a href="mailto:marillat@debian.org" target="_blank"><marillat@debian.org></a><br>
[ unknown] (2) Christian Marillat <a href="mailto:marillat@free.fr" target="_blank"><marillat@free.fr></a><br>
[ revoked] (3) Christian Marillat <a href="mailto:marillat@alpes-net.fr" target="_blank"><marillat@alpes-net.fr></a><br>
[ unknown] (4) Christian Marillat
<a href="mailto:marillat@deb-multimedia.org" target="_blank"><marillat@deb-multimedia.org></a><br>
[ revoked] (5) Christian Marillat
<a href="mailto:marillat.christian@wanadoo.fr" target="_blank"><marillat.christian@wanadoo.fr></a><br>
<br>
<br>
Does that mean that the key has been revoked without the owner
renewing it or something ?<br>
<br>
Pedro's <code>--allow-unauthenticated</code> does not do anything
for the report of the bad signature. But does it mean it does not
fetch the data??<br>
<br>
I am lost <span><span> :'( </span></span><br>
<br>
Edouard<div><div class="h5"><br>
<br>
<br>
<div>On 28/01/14 12:08, Pedro Worcel wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_default" style="font-family:verdana,sans-serif">Hey, how about
something like this?<br>
<br>
<a href="http://parijatmishra.wordpress.com/2008/07/28/ubuntu-bad-signature-problems-prevent-apt-get-update-from-working/" target="_blank">http://parijatmishra.wordpress.com/2008/07/28/ubuntu-bad-signature-problems-prevent-apt-get-update-from-working/</a><br>
<br>
</div>
<div class="gmail_default" style="font-family:verdana,sans-serif">Otherwise, the *very
insecure* parameter <br>
<pre><code>--allow-unauthenticated
</code></pre>
<pre>will allow you to bypass the warnings<code>
</code></pre>
</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">2014-01-28 Grant McLean <span dir="ltr"><<a href="mailto:grant@mclean.net.nz" target="_blank">grant@mclean.net.nz</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
You could try:<br>
<br>
$ sudo -i<br>
# apt-key advanced --keyserver <a href="http://pgp.net.nz" target="_blank">pgp.net.nz</a>
--recv-keys 1F41B907<br>
<br>
This will download the latest repository key from a
keyserver and<br>
install it into the APT keyring. The key ID '1F41B907' came
from the<br>
FAQ here:<br>
<br>
<a href="http://www.deb-multimedia.org/faq" target="_blank">http://www.deb-multimedia.org/faq</a><br>
<br>
Regards<br>
<span><font color="#888888">Grant<br>
</font></span>
<div>
<div><br>
On Tue, 2014-01-28 at 11:32 +1300, E Chalaron wrote:<br>
> Na ... does not work, wrong signature like before.<br>
> Did remove, autoclean etc ...<br>
> reinstalled<br>
> same stuff<br>
><br>
> Reading package lists... Done<br>
> W: GPG error: <a href="http://www.deb-multimedia.org" target="_blank">http://www.deb-multimedia.org</a>
wheezy Release: The<br>
> following signatures were invalid: BADSIG
07DC563D1F41B907 Christian<br>
> Marillat <<a href="mailto:marillat@debian.org" target="_blank">marillat@debian.org</a>><br>
> W: GPG error: <a href="http://www.deb-multimedia.org" target="_blank">http://www.deb-multimedia.org</a>
wheezy Release: The<br>
> following signatures were invalid: BADSIG
07DC563D1F41B907 Christian<br>
> Marillat <<a href="mailto:marillat@debian.org" target="_blank">marillat@debian.org</a>><br>
><br>
> cheers<br>
> E<br>
><br>
><br>
> On 01/28/2014 10:01 AM, Daniel Reurich wrote:<br>
> > Ho Edouard<br>
> ><br>
> > Glad to see you've switched.<br>
> ><br>
> > From the deb-mulitmedia website is this
instruction:<br>
> ><br>
> > apt-get install deb-multimedia-keyring<br>
> ><br>
> > regards,<br>
> > Daniel.<br>
> ><br>
> > On 28/01/14 09:26, E Chalaron wrote:<br>
> >><br>
> >> Hello all<br>
> >> Long time since my last post, but my usual
distro (Suse) is giving me a<br>
> >> serious hard time with some firewire
modules.<br>
> >><br>
> >> Anyway, falled back to Debian stable, that
worked out of the box, apart<br>
> >> from 1 little problem with a gpg / apt-get<br>
> >><br>
> >> GPG error: <a href="http://www.deb-multimedia.org" target="_blank">http://www.deb-multimedia.org</a>
wheezy Release: The following<br>
> >> signatures were invalid: BADSIG
07DC563D1F41B907 Christian Marillat<br>
> >> <<a href="mailto:marillat@debian.org" target="_blank">marillat@debian.org</a>><br>
> >><br>
> >> I tried several googling and solution that
did not resolve anything.<br>
> >><br>
> >> Point is that I had to get it to work to
get some multimedia packages<br>
> >> few months ago.<br>
> >><br>
> >> So how can I get rid of that error and
replace with a proper signature<br>
> >> (embarrassingly enough I can't even
remember how I did it in the first<br>
> >> place). :-[<br>
> >><br>
> >> Many thanks<br>
> >> Edouard<br>
> >><br>
> >><br>
> ><br>
> ><br>
><br>
><br>
<br>
<br>
<br>
--<br>
Wellington Linux Users Group Mailing List: <a href="mailto:wellylug@lists.wellylug.org.nz" target="_blank">wellylug@lists.wellylug.org.nz</a><br>
To Leave: <a href="http://lists.wellylug.org.nz/mailman/listinfo/wellylug" target="_blank">http://lists.wellylug.org.nz/mailman/listinfo/wellylug</a><br>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
<div dir="ltr">
<div>GPG: <a href="http://is.gd/signature_" target="_blank">http://is.gd/droope</a><br>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
<pre></pre>
</blockquote>
<br>
</div></div></div>
<br><br>
--<br>
Wellington Linux Users Group Mailing List: <a href="mailto:wellylug@lists.wellylug.org.nz">wellylug@lists.wellylug.org.nz</a><br>
To Leave: <a href="http://lists.wellylug.org.nz/mailman/listinfo/wellylug" target="_blank">http://lists.wellylug.org.nz/mailman/listinfo/wellylug</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div dir="ltr"><div>GPG: <a href="http://is.gd/signature_" target="_blank">http://is.gd/droope</a><br></div></div>
</div>