Software repository authentication with modified /etc/apt/sources.list

Asked by Stefan Nagy

I modified my /etc/apt/sources.list like it is described here: After that, always when I want to install a package in Synaptic get a warning message in Synaptic that my software repositories can't be or aren't authenticated.

Is that normal or is it a malfunction? I couldn't find anything about that on the net...

Thanks in advance!

Question information

English Edit question
Ubuntu apt-p2p Edit question
No assignee Edit question
Solved by:
Stefan Nagy
Last query:
Last reply:
Revision history for this message
Stefan Nagy (stefan-nagy) said :

To restate my question:

The article in the german ubuntuusers-wiki ( tells me, that apt-p2p isn't risky because the packages in the software repositories are signed and so APT would notice a changed/corrupted package.

Now, as I understand the apt-secure manual, not just the packages are signed but there are also realease files on each software repository. The release file aswell as the package file contains a checksum and "these two checksums allow apt to verify that it has downloaded a correct copy of the Packages file, with a checksum that matches the one in the Release file" (

As I understand it, both verification processes should work with apt-p2p because the packages of peers should be signed and they also should contain the checksum - it shouldn't make any difference.

But, as I said: When I modify my /ect/apt/sources.list and, after that, try to install a package, synaptic tells me "Sie haben Software vorgemerkt, die nicht authentifiziert werden konnte..." - which means something like "You chose software which couldn't be authenticated...".

So my restated question is: Why isn't APT (or Synaptic) able to authenticate the packeges when I use apt-p2p?

Revision history for this message
unbekannt1984 (unbekannt1984) said :

Problem has been solved on the german Ubuntu-forum

Have a look at:

The used Server seems to have old files. Use another mirror if you also have this problem.


Revision history for this message
Stefan Nagy (stefan-nagy) said :

The country mirror for Austria seems to be hosted by the "lagis Internet Serviceprovider GmbH" ( and according to the "Official Archive Mirrors for Ubuntu"-list ( this mirror really seems to be "one week behind".

As you can see in this list also a lot of other official mirrors aren't really up-to-date - so if this is really the reason for the apt-p2p authentication issue this means it would be quite common.

In this case the "APT setup"-section of the apt-p2p manual sould contain information about choosing a good (up-to-date) mirror.

Revision history for this message
Stefan Nagy (stefan-nagy) said :

Since this clearly seems to be a bug (Bug #667313), I'm closing this question. Thanks.