2

Running aptitude dist-upgrade on my system currently results in an attempt to upgrade a few packages. All of these packages are being flagged as "untrusted packages" which "could compromise your system's security". I have just recently added a new untrusted source to /etc/apt/sources.list.d, but I didn't expect that it would include any/all of these packages.

How can I find out which source is providing the newer versions of these packages?

update

Thanks to Karthick87 for an informative response. With that assistance, I was able to troubleshoot the underlying issue, which may itself be of interest to some readers.

It turned out that at least some of the updates in question were to be fetched from an official ubuntu mirror. I had been using that mirror without issues for some months now. I have done numerous dist-upgrades since upgrading to Maverick.

It looks like the issue is the same described by this bug report.

I've been able to resolve my problems by editing /etc/apt/sources.list to use the [Cc]anonical repository with lines like these:

deb http://archive.ubuntu.com/ubuntu maverick main universe restricted multiverse
deb-src http://archive.ubuntu.com/ubuntu maverick main universe restricted multiverse
deb http://archive.ubuntu.com/ubuntu maverick-updates main universe restricted multiverse
deb-src http://archive.ubuntu.com/ubuntu maverick-updates main universe restricted multiverse
deb http://security.ubuntu.com/ubuntu maverick-security main universe restricted multiverse
deb-src http://security.ubuntu.com/ubuntu maverick-security main universe restricted multiverse

After making the edits, I did sudo aptitude update; sudo aptitude dist-upgrade and did not get the warning message.

intuited
  • 7,213
  • @intuited You should make your solution a separate answer and mark it as the solution. – Jorge Castro Dec 20 '10 at 23:39
  • @Jorge Castro: I considered doing so, but Karthick87 answered my original question. I feel like the updated information is really a separate issue. – intuited Dec 20 '10 at 23:40
  • @intuited. Answers just don't go in the question body. If you have an amendment to make to Karthick87's answer post it as a comment to him and he can update it. If it's nothing to do with this topic or answer then it doesn't really belong in the body. – Marco Ceppi Dec 21 '10 at 03:45
  • @Marco Ceppi: well, @Karthick87 answered quite thoroughly the question that I explicitly asked. My update follows up with additional information for people who end up here because they are looking for a solution for the underlying issue I was experiencing, or who just happen to be curious about it. The dynamic and ad hoc nature of SE's guidelines does make it a bit of a challenge to keep track of current correct protocol. If there's an entry on meta somewhere that disallows what I've done, please do post a link to it. – intuited Dec 23 '10 at 00:21
  • You can just refer to his answer in another answer, basically everything after "Update", here's an example when this happened to me: http://askubuntu.com/questions/4572/how-can-i-cache-nfs-shares-on-a-local-disk People vote on both and then both solutions float to the top. – Jorge Castro Dec 23 '10 at 19:42
  • @Jorge Castro: I would have done that if I had felt that I needed to ask a question about the underlying issue. Although I don't totally understand what's going on with it (communication with the repo maintainer indicates that it may have been a problem on their end), I am also not really interested, and am happy just to be able to do an upgrade. So I can't really ask a question, because there is not anything that I need answered. I guess I could ask "What is the cause of this documented Ubuntu issue?", but that seems somewhat redundant, and likely to go unanswered. – intuited Dec 24 '10 at 17:46

2 Answers2

2

The command apt-cache policy package_name will list the sources for each available version.

Sample Output: 

karthick@Ubuntu-desktop:~$ apt-cache policy pidgin
pidgin:
  Installed: 1:2.7.7-1ubuntu0+pidgin1.10.04
  Candidate: 1:2.7.7-1ubuntu0+pidgin1.10.04
  Version table:
 *** 1:2.7.7-1ubuntu0+pidgin1.10.04 0
        500 http://ppa.launchpad.net/pidgin-developers/ppa/ubuntu/ lucid/main Packages
        100 /var/lib/dpkg/status
     1:2.6.6-1ubuntu4.1 0
        500 http://security.ubuntu.com/ubuntu/ lucid-security/main Packages
     1:2.6.6-1ubuntu4 0
        500 http://archive.ubuntu.com/ubuntu/ lucid/main Packages
karthick87
  • 81,947
0

In Terminal, run:

apt-cache policy [package_names]
nanofarad
  • 20,717
Florian Diesch
  • 87,389