Secure APT GPG problem with Release files

http://askubuntu.com – I'm experiencing a problem with apt. We're using our own repository and the users' apt is configured to check the peer and host of the repository. Furthermore, the Release file is verified (with the matching gpg key from apt-key). So, for testing, I'm trying the following scenario:

- Sign the Release files with an untrusted key
- Restart repository
- When the user tries to update, the following warning will appear during an upgrade:

WARNING: The following packages cannot be authenticated! <list of unauthenticated package names>

This is expected so far...

- Sign the Release files with a trusted key R (HowTos)