Running aptitude dist-upgrade on my system currently results in an attempt to upgrade a few packages. All of these packages are being flagged as "untrusted packages" which "could compromise your system's security". I have just recently added a new untrusted source to /etc/apt/sources.list.d, but I didn't expect that it would include any/all of these packages.
How can I find out which source is providing the newer versions of these packages?
update
Thanks to Karthick87 for an informative response. With that assistance, I was able to troubleshoot the underlying issue, which may itself be of interest to some readers.
It turned out that at least some of the updates in question were to be fetched from an official ubuntu mirror. I had been using that mirror without issues for some months now. I have done numerous dist-upgrades since upgrading to Maverick.
It looks like the issue is the same described by this bug report.
I've been able to resolve my problems by editing /etc/apt/sources.list to use the [Cc]anonical repository with lines like these:
deb http://archive.ubuntu.com/ubuntu maverick main universe restricted multiverse
deb-src http://archive.ubuntu.com/ubuntu maverick main universe restricted multiverse
deb http://archive.ubuntu.com/ubuntu maverick-updates main universe restricted multiverse
deb-src http://archive.ubuntu.com/ubuntu maverick-updates main universe restricted multiverse
deb http://security.ubuntu.com/ubuntu maverick-security main universe restricted multiverse
deb-src http://security.ubuntu.com/ubuntu maverick-security main universe restricted multiverse
After making the edits, I did sudo aptitude update; sudo aptitude dist-upgrade and did not get the warning message.
The command
apt-cache policy package_namewill list the sources for each available version.Sample Output:
In Terminal, run: