下载 Ubuntu 源代码时出现安全警告:
# apt-get source gedit
Reading package lists... Done
Building dependency tree
Reading state information... Done
NOTICE: 'gedit' packaging is maintained in the 'Bzr' version control system at:
https://code.launchpad.net/~ubuntu-desktop/gedit/ubuntu
Please use:
bzr branch https://code.launchpad.net/~ubuntu-desktop/gedit/ubuntu
to retrieve the latest (possibly unreleased) updates to the package.
Need to get 3,116 kB of source archives.
Get:1 http://gb.archive.ubuntu.com/ubuntu/ vivid/main gedit 3.10.4-0ubuntu10 (dsc) [2,650 B]
Get:2 http://gb.archive.ubuntu.com/ubuntu/ vivid/main gedit 3.10.4-0ubuntu10 (tar) [3,086 kB]
Get:3 http://gb.archive.ubuntu.com/ubuntu/ vivid/main gedit 3.10.4-0ubuntu10 (diff) [26.7 kB]
Fetched 3,116 kB in 5s (611 kB/s)
gpgv: Signature made Sat 04 Apr 2015 22:31:17 BST using RSA key ID 778FA6F5
gpgv: Can't check signature: public key not found
dpkg-source: warning: failed to verify signature on ./gedit_3.10.4-0ubuntu10.dsc
无论如何它都下载了代码。但为什么密钥会失效?警告是否意味着下载的文件不可信?
答案1
根据检查源包完整性的官方方法是什么?和如何使 apt-get 源验证正常工作?你可以尝试这些:
sudo apt-get install debian-keyringgpg --keyserver keyring.debian.org --recv-keys 9F1B8B32