When running a routine package update, I sometimes get errors like this:
$ sudo apt-get update
...
W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used.GPG error: http://security.ubuntu.com hardy-security Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/hardy-security/Release
W: Some index files failed to download, they have been ignored, or old ones used instead.
W: You may want to run apt-get update to correct these problems
This ubuntu bugs page suggests this:
$ sudo apt-get update -o Acquire::http::No-Cache=true
but the problem persists.
Solved it! By deleting the incorrectly signed Release and Release.gpg files that were downloaded in the last try:
$ sudo rm -f /var/lib/apt/lists/partial/security.ubuntu.com_ubuntu_dists_hardy-security_Release*
Now apt-get is successful.
I got the idea above from the instructions in comment 20 to the bug