This security notification appears when a package repository changes its Origin metadata. It requires explicit user acknowledgment before package updates can proceed. Learn how to safely accept these changes.
APT (Advanced Package Tool) includes a security feature that validates repository metadata consistency. The "Origin" field in a repository's Release file identifies the organization publishing the repository. When a repository maintainer changes this metadata—such as when Google changed from "Google, Inc." to "Google LLC"—APT requires you to explicitly acknowledge the change before continuing. This is a security measure to protect against man-in-the-middle attacks and repository hijacking. Since APT version 1.5, users must confirm changes to important repository metadata fields like Origin, Label, Codename, and Version to ensure they intentionally accept significant changes.
Run the update command without additional flags. APT will prompt you to accept the changes:
sudo apt updateWhen prompted with:
Do you want to accept these changes and continue updating from this repository? [y/N]Type y and press Enter to accept the new Origin metadata. This tells APT you've reviewed and approved the repository changes.
Note: If using apt-get instead of apt, you may need to use apt for the interactive prompt to appear.
For scripts, CI/CD pipelines, or Docker builds where interactive input is impossible, add the --allow-releaseinfo-change flag:
sudo apt-get update --allow-releaseinfo-changeThis automatically accepts the repository metadata changes without prompting. If multiple repositories have changed, repeat for each:
sudo apt-get update --allow-releaseinfo-change-origin
sudo apt-get update --allow-releaseinfo-change-label
sudo apt-get update --allow-releaseinfo-change-versionUse specific flags if only certain metadata fields changed.
Before accepting, verify the change comes from the actual repository maintainer:
1. Check the repository source: Examine your repository list:
cat /etc/apt/sources.list
ls /etc/apt/sources.list.d/2. Visit official website: Go to the official project website (e.g., Google, Grafana) and confirm the new Origin name matches their official branding changes.
3. Check repository documentation: Review the repository's official changelog or announcement to understand why the metadata changed.
4. Verify URL is correct: Ensure the repository URL in your sources hasn't been altered—only the Origin metadata changed.
If you cannot verify the change is legitimate, remove the repository:
# Remove by source list file
sudo rm /etc/apt/sources.list.d/repository-name.list
# Or disable it by commenting out in main sources list
sudo nano /etc/apt/sources.listThen run:
sudo apt updateOnly re-add the repository after confirming the changes are legitimate from official sources.
Why APT enforces this change: Repository metadata changes can indicate serious issues like man-in-the-middle attacks, DNS hijacking, or malicious repository redirects. By requiring explicit acknowledgment, APT ensures you've reviewed what changed.
Common repository changes: Google Chrome Remote Desktop, Google Linux repositories, Grafana OSS, NVIDIA Docker, and many third-party repositories have updated their Origin metadata over time. This is typically safe when verified through official channels.
aptitude compatibility: The text-based package manager aptitude has historically had issues handling Origin changes. If you use aptitude, switch to apt for the interactive prompt or use the flag-based approach.
Temporary vs. permanent acceptance: Using the flag (--allow-releaseinfo-change) is temporary—it only suppresses the check for that single run. The error will reappear on future updates. Interactive acceptance (y/N) also doesn't permanently suppress the check; it only confirms for that session. APT expects you to make a conscious decision each time significant metadata changes.
E: Could not connect to proxy server
Could not connect to proxy server
E: Package 'package:i386' has no installation candidate
How to fix "Package package:i386 has no installation candidate" in apt
E: The value 'value' is invalid for APT::Default-Release
How to fix invalid APT::Default-Release value in APT
dpkg: error: unable to create new file 'path': Permission denied
How to fix dpkg permission denied errors in APT
subprocess installed post-removal script returned error exit status 1
How to fix "subprocess installed post-removal script returned error exit status 1" in APT