Skip to content

The following signatures were invalid

My systems run cron-apt with an hourly rhythm, running off ftp2.de.d.o. Once in a while, some of them complain about invalid signatures on release files:

CRON-APT LINE: /usr/bin/apt-get update -o quiet=2
W: GPG error: http://debian.debian.zugschlus.de lenny Release: The following signatures were invalid: BADSIG A70DAF536070D3A1 Debian Archive Automatic Signing Key (4.0/etch) 
W: GPG error: http://debian.debian.zugschlus.de sid Release: The following signatures were invalid: BADSIG A70DAF536070D3A1 Debian Archive Automatic Signing Key (4.0/etch) 
W: You may want to run apt-get update to correct these problems
This usually happens in the late evening CEST. In the next cron-apt run, things are fine again. What's going on here? Is this part of a mirror update process where the Release and Release.gpg files are inconsistent?

Any idea how to get rid of these error messages?