I am unable to install some codecs from the backports site (mirrormaxx) I get this output when I try to install w32codecs, libdvdcss2 etc apt-get output:


sudo apt-get install libdvdcss2
Reading package lists... Done
Building dependency tree... Done
The following NEW packages will be installed:
libdvdcss2
0 upgraded, 1 newly installed, 0 to remove and 30 not upgraded.
Need to get 27.3kB of archives.
After unpacking 48.1kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
libdvdcss2
Install these packages without verification [y/N]?
E: Some packages could not be authenticated


I tried searching the forums but I was unable to find anything. is this normal??

Thanks :)

cacofonix

I am unable to install some codecs from the backports site (mirrormaxx) I get this output when I try to install w32codecs, libdvdcss2 etc apt-get output:


sudo apt-get install libdvdcss2
Reading package lists... Done
Building dependency tree... Done
The following NEW packages will be installed:
libdvdcss2
0 upgraded, 1 newly installed, 0 to remove and 30 not upgraded.
Need to get 27.3kB of archives.
After unpacking 48.1kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
libdvdcss2
Install these packages without verification [y/N]?
E: Some packages could not be authenticated


I tried searching the forums but I was unable to find anything. is this normal??

Thanks :)

cacofonix
That's fine, just press "y" to that and it will continue to install the package.

That's fine

Why? There's a Release.gpg file in hoary-extras and hoary-backports. And I imported the public key with id 1A9653A3:

$ gpg --list-key 1A9653A3
pub 1024D/1A9653A3 2005-05-05 Ubuntu Backports Project (Ubuntu Backports Project Signing Key) <ubuntu-bp-devel@googlegroups.com>
sub 1024g/6966FF6B 2005-05-05

I think all is O.K., but... backports remains not authenticated. Why? Maybe I must do anymore?

I investigated a bit, and I think the problem is that the Release.gpg file is in the wrong location into the servers.

Say (for example) hoary-extras. The Release.gpg file is now located with the *.deb files, for example in the dists/hoary-extras/main/binary-i386 directory.

However, hoary repository has the Release.gpg file in the dists/hoary directory.

Maybe the problem could be fixed simply putting the Release.gpg file into the correct location.

That's fine, just press "y" to that and it will continue to install the package.

I would prefer to have it authenticated, even if it is safe. Is it possible for the backports maintainer to fix it?

I would prefer to have it authenticated, even if it is safe. Is it possible for the backports maintainer to fix it?
That would require him to GPG sign the packages, he doesn't do that.