The elasticsearch package from [1] also triggers the SHA1 too-broken message.
But what I don't understand is that the InRelease [2] file has MD5Sum/SHA1/SHA256 hashes. So what is the issue about SHA1 if we have a better one (SHA256)? And why is there no complaint about MD5? [1]: https://www.elastic.co/docs/deploy-manage/deploy/self-managed/install-elasticsearch-with-debian-package [2]: https://artifacts.elastic.co/packages/9.x/apt/dists/stable/InRelease
