Downloading Ubuntu source code gave a security warning:

# apt-get source gedit
Reading package lists... Done
Building dependency tree       
Reading state information... Done
NOTICE: 'gedit' packaging is maintained in the 'Bzr' version control system at:
https://code.launchpad.net/~ubuntu-desktop/gedit/ubuntu
Please use:
bzr branch https://code.launchpad.net/~ubuntu-desktop/gedit/ubuntu
to retrieve the latest (possibly unreleased) updates to the package.
Need to get 3,116 kB of source archives.
Get:1 http://gb.archive.ubuntu.com/ubuntu/ vivid/main gedit 3.10.4-0ubuntu10 (dsc) [2,650 B]
Get:2 http://gb.archive.ubuntu.com/ubuntu/ vivid/main gedit 3.10.4-0ubuntu10 (tar) [3,086 kB]
Get:3 http://gb.archive.ubuntu.com/ubuntu/ vivid/main gedit 3.10.4-0ubuntu10 (diff) [26.7 kB]
Fetched 3,116 kB in 5s (611 kB/s)
gpgv: Signature made Sat 04 Apr 2015 22:31:17 BST using RSA key ID 778FA6F5
gpgv: Can't check signature: public key not found
dpkg-source: warning: failed to verify signature on ./gedit_3.10.4-0ubuntu10.dsc

It downloaded the code anyway. But why did its key fail? And does the warning mean the downloaded files can't be trusted?

Tim
markling

1 Answer

According to "What's the official method for checking integrity of a source package?" and "How to get apt-get source verification working?" you can try these:

  1. sudo apt-get install debian-keyring
  2. gpg --keyserver keyring.debian.org --recv-keys 9F1B8B32
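
An added example, not part of the original answer: the signature that gpgv could not check covers only the .dsc file, and the .dsc in turn lists a SHA-256 hash and size for each downloaded archive. The script below checks the downloaded files against that list; the result carries trust only once the .dsc signature itself verifies. The function names are made up for this example.

```shell
#!/bin/sh
# Added example: check source files against the Checksums-Sha256 field of a .dsc.
# Usage: sh this-script ./gedit_3.10.4-0ubuntu10.dsc

# Print "sha256 size filename" for each entry in the Checksums-Sha256 field.
dsc_sha256_entries() {
    awk '
        /^Checksums-Sha256:/ { in_field = 1; next }
        in_field && /^ /     { print $1, $2, $3; next }
        { in_field = 0 }   # any other line ends the field
    ' "$1"
}

# Return 0 only if every listed file sits beside the .dsc with the listed
# size and hash. Returns 2 if the .dsc has no Checksums-Sha256 field.
verify_dsc_files() {
    dsc=$1
    dir=$(dirname "$dsc")
    entries=$(dsc_sha256_entries "$dsc")
    [ -n "$entries" ] || { echo "no Checksums-Sha256 field in $dsc" >&2; return 2; }
    status=0
    while read -r want_hash want_size name; do
        # A listed name must be a plain file name, never a path.
        case $name in
            */*) echo "REJECT   $name"; status=1; continue ;;
        esac
        file="$dir/$name"
        if [ ! -f "$file" ]; then
            echo "MISSING  $name"; status=1; continue
        fi
        got_size=$(wc -c < "$file" | tr -d ' ')
        got_hash=$(sha256sum "$file" | cut -d' ' -f1)
        if [ "$got_size" = "$want_size" ] && [ "$got_hash" = "$want_hash" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; status=1
        fi
    done <<EOF
$entries
EOF
    return $status
}

if [ "$#" -gt 0 ]; then verify_dsc_files "$1"; fi
```
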