Ubuntu – Unauthenticated software sources


My Lucid (10.04) installation recently started warning me that the updated packages were unauthenticated. For instance, if I open Update Manager and click the "Install Updates" button, it warns me that You are about to install software that can't be authenticated! Doing this could allow a malicious individual to damage or take control of your system.

I don't remember seeing this before. I guess it looks like I don't have the right keys to verify signatures.

Update with more information:

I get the warning for all packages, including apt and linux-image.

This is what's in my /etc/apt/sources.list (sans comments)

deb http://us.archive.ubuntu.com/ubuntu/ lucid main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid main restricted
deb http://us.archive.ubuntu.com/ubuntu/ lucid-updates main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-updates main restricted
deb http://us.archive.ubuntu.com/ubuntu/ lucid universe
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid universe
deb http://us.archive.ubuntu.com/ubuntu/ lucid-updates universe
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-updates universe
deb http://us.archive.ubuntu.com/ubuntu/ lucid multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid multiverse
deb http://us.archive.ubuntu.com/ubuntu/ lucid-updates multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-updates multiverse
deb http://us.archive.ubuntu.com/ubuntu/ lucid-security main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-security main restricted
deb http://us.archive.ubuntu.com/ubuntu/ lucid-security universe
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-security universe
deb http://us.archive.ubuntu.com/ubuntu/ lucid-security multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-security multiverse

update 2:

Whatever it was that was wrong, it is no longer wrong, so I won't be able to verify any suggested solutions.

Best Answer

Sometimes when a network connection interrupts apt-get update (or the automatic daily package list refresh), the signature file will not get written, resulting in apt yelling about the lack of authentication. In most situations (assuming no improperly configured transparent caching system is between you and the Internet), a simple sudo apt-get update will resolve the problem.