[Aptitude-devel] Bug#706183: Bug#706183: "WARNING: untrusted versions of the following packages will be installe vague

Daniel Hartwig mandyke at gmail.com
Fri Apr 26 03:01:57 UTC 2013

On 25 April 2013 21:16, Nomen Nescio <nobody at dizum.com> wrote:
> Package: aptitude
> Version: 0.6.3-3.2+squeeze1
> Severity: wishlist
> The following warning is too vague:
> vague warning> WARNING: untrusted versions of the following packages will be installed!
> vague warning>
> vague warning> Untrusted packages could compromise your system's security.
> vague warning> You should only proceed with the installation if you are certain that
> vague warning> this is what you want to do.
> vague warning>
> vague warning>   libswscale0 libavutil50 libdrm-radeon1 libdrm2 libvpx0 libdrm-intel1 libpostproc51
> vague warning>
> vague warning> Do you want to ignore this warning and proceed anyway?
> Why is it untrusted?  Are the keys missing from the users keyring?
> Are the keys present, but expired? Are the packages signed or
> unsigned?

What difference the distinction make?  If the key is not present,
valid, and the packages signed, they are untrusted.

This general warning is sufficient to alert the local admin to a
problem, which they can investigate.  It is not expected to be common,
and if the warning persists then the system is misconfigured.

The alternative is to group the untrusted packages by the one or
multiple underlying causes, which may involve e.g. multiple different
expired keys.  Now that is a long winded and complex dialog, with very
little benefit as it is trivial to investigate the cause outside of

More information about the Aptitude-devel mailing list