Unsigned repository

[Neil Sands]

I have Android and Gemian TP3 on my Gemini.

If I do sudo apt-get update, I get an error message, not always exactly the same but this one is typical.

W: GPG error: http://gemian.thinkglobally.org/stretch stretch InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 6669378035F4918C
W: The repository 'http://gemian.thinkglobally.org/stretch stretch InRelease' is not signed.

I don't fully understand the implications of this. Can I force the upgrade to work with an unsigned repository somehow, and if so is it wise to do so?

Is anyone else getting this? Or am I special?

Thanks
Neil

[mithrandir]

I don't fully understand the implications of this. Can I force the upgrade to work with an unsigned repository somehow, and if so is it wise to do so?

The key has been renewed recently.

wget -O /tmp/archive-key.asc http://gemian.thinkglobally.org/archive-key.asc
apt-key add /tmp/archive-key.asc

[Neil Sands]

The key has been renewed recently.

wget -O /tmp/archive-key.asc http://gemian.thinkglobally.org/archive-key.asc
apt-key add /tmp/archive-key.asc

Wonderful, that's worked very nicely. Thanks.

[gemini_user_j]

I don't fully understand the implications of this. Can I force the upgrade to work with an unsigned repository somehow, and if so is it wise to do so?

The key has been renewed recently.

wget -O /tmp/archive-key.asc http://gemian.thinkglobally.org/archive-key.asc
apt-key add /tmp/archive-key.asc

probably wise to use https here:
 https://gemian.thinkglobally.org/archive-key.asc

[geminifrench]

working for me in http.

see here : https://www.oesf.org/forum/index.php?showtopic=36209
section [3.5.1]

[gemini_user_j]

working for me in http.

see here : https://www.oesf.org/forum/index.php?showtopic=36209
section [3.5.1]

Not a question if it works or not, rather a simple precaution to use encrypted data traffic.

Just thought it was particularly relevant when downloading the key used for verifying software packages