[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Package Key Mismatch


Running Linux Mint 19.3

Had an update failure with the message

W:GPG error: http://pkg.tarsnap.com/deb/tessa ./ Release: The
following signatures couldn't be verified because the public key is not
available: NO_PUBKEY FC72A10BF6B692AA, E:The repository
'http://pkg.tarsnap.com/deb/tessa ./ Release' is not signed.

I tried to re-download the package:

(2) andrew@andrew Downloads $ wget
--2020-05-26 10:59:43--  https://pkg.tarsnap.com/tarsnap-deb-packaging-key.asc
Connecting to connected.
Proxy request sent, awaiting response... 200 OK
Length: 1810 (1.8K) [application/pgp-signature]
Saving to: ‘tarsnap-deb-packaging-key.asc.1’

1.77K  --.-KB/s    in 0s      

2020-05-26 10:59:44 (159 MB/s) - ‘tarsnap-deb-packaging-key.asc.1’ saved [1810/1810]

(2) andrew@andrew Downloads $ gpg --list-packets tarsnap-deb-packaging-key.asc | grep signature
:signature packet: algo 1, keyid 70BD6C50E82A9D99
:signature packet: algo 17, keyid 38CECA690C6A6A6E

The verification shows a different packaging key from the expected one!

I have not proceeded any further. Is it safe to do so?


Andrew Woodward