Debian/Ubuntu Repository: Release.gpg must be signed properly
I belive the error below is related to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921685 which fixes CVE-2019-3462 in apt 1.8.0
apt (1.8.0) unstable; urgency=medium
[ David Kalnischkies ]
- Add explicit message for unsupported binary signature (Closes: #921685) [...] apt (1.8.0~rc1) unstable; urgency=medium
[ David Kalnischkies ]
- Fail instead of warn for unsigned lines in InRelease
- Fail on non-signature lines in Release.gpg
root@charion-new:/etc/apt/sources.list.d#apt-get update
[...]
Ign:4 http://download.videolan.org/pub/debian/stable InRelease
[...]
Ign:6 http://download.videolan.org/pub/debian/testing InRelease
[...]
Get:10 http://download.videolan.org/pub/debian/stable Release [1.487 B]
[...]
Get:12 http://download.videolan.org/pub/debian/testing Release [1.487 B]
[...]
Get:14 http://download.videolan.org/pub/debian/stable Release.gpg [287 B]
Get:15 http://download.videolan.org/pub/debian/testing Release.gpg [287 B]
[...]
Ign:14 http://download.videolan.org/pub/debian/stable Release.gpg
Ign:15 http://download.videolan.org/pub/debian/testing Release.gpg
Reading package lists... Done
W: GPG error: http://download.videolan.org/pub/debian/stable Release: Detached signature file '/var/lib/apt/lists/partial/download.videolan.org_pub_debian_stable_Release.gpg' is in unsupported binary format
E: The repository 'http://download.videolan.org/pub/debian/stable Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://download.videolan.org/pub/debian/testing Release: Detached signature file '/var/lib/apt/lists/partial/download.videolan.org_pub_debian_testing_Release.gpg' is in unsupported binary format
E: The repository 'http://download.videolan.org/pub/debian/testing Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.