[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Don't change the assignment on a (fixed) issue please, yon. ** Changed in: apt (Ubuntu) Assignee: yon (thornyon) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
** Changed in: apt (Ubuntu) Assignee: (unassigned) => yon (thornyon) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
See also https://github.com/rabbitmq/rabbitmq-server/issues/906 ** Bug watch added: github.com/rabbitmq/rabbitmq-server/issues #906 https://github.com/rabbitmq/rabbitmq-server/issues/906 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Also W: http://repo.mongodb.org/apt/ubuntu/dists/xenial/mongodb-org/3.2/Release.gpg: Signature by key 42F3E95A2C4F08279C4960ADD68FA50FEA312927 uses weak digest algorithm (SHA1) W: http://liveusb.info/multisystem/depot/dists/all/Release.gpg: Signature by key 32027DE3D67157C45E69C0AE4E940D7FDD7FB8CC uses weak digest algorithm (SHA1) W: http://www.rabbitmq.com/debian/dists/testing/InRelease: Signature by key 0A9AF2115F4687BD29803A206B73A36E6026DFCA uses weak digest algorithm (SHA1) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
@angel-granados-j This bug is about the wording of the error message, not the fact that the error may appear. For how to avoid it I suggest you ask elsewhere, the ubuntu-users email list for example. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
I have a owncloud 9 with Ubuntu 16.04. Today has started this error when I try to do apt-get update. I have my own local repo and am getting this error for it whenever I try to do apt-get update. I even recently updated the key I use to sign it to RSA/RSA 2048/2048 and also add the two lines in I add the two lines in ~/.gnupg/gpg.conf: cert-digest-algo SHA256 digest-algo SHA256 as recommended at http://askubuntu.com/a/776599/170127. And I have del the key and later add key again. However I still keep getting this error. Please advise as to what I have to do to stop getting this error. W: http://download.owncloud.org/download/repositories/stable/Ubuntu_16.04/Release.gpg: Signature by key BCECA90325B072AB1245F739AB7C32C35180350A uses weak digest algorithm (SHA1) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
It seems that MongoDB is also broken due to this https://jira.mongodb.org/browse/SERVER-23397 Workarounds? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
I have also same problem with Google Earth http://dl.google.com/linux/earth/deb/dists/stable/Release.gpg: Signature by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak digest algorithm (SHA1)Failed to fetch http://dl.google.com/linux/earth/deb/dists/stable/Release No Hash entry in Release file /var/lib/apt/lists/partial/dl.google.com_linux_earth_deb_dists_stable_Release which is considered strong enough for security purposes Some index files failed to download. They have been ignored, or old ones used instead. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Sorry for the noise due to my previous comment #86. It is unrelated to this bug and it was because I was not generating the appropriate SHA256 lines in the Release file. Sorry again. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
I have my own local repo and am getting this error for it whenever I try to do apt-get update. I even recently updated the key I use to sign it to RSA/RSA 2048/2048 and also add the two lines in ~/.gnupg/gpg.conf: cert-digest-algo SHA256 digest-algo SHA256 as recommended at http://askubuntu.com/a/776599/170127. However I still keep getting this error. Please advise as to what I have to do to stop getting this error. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
@Dirk That's a completely different error type. Your release file only contains an MD5Sum field. Look at the broken repositories section in https://wiki.debian.org/Teams/Apt/Sha1Removal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Thanks, I see the problem now. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
** Attachment added: "Archive containing Release, Release.gpg and the public key that should authenticate them" https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+attachment/4674400/+files/example.tgz -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
I switched to signing my repository with SHA512 encoded 4096 bit key. I still get the same error (No Hash entry in Release file ... which is considered strong enough ...). This is on Xubuntu Xenial 16.04 (amd64), apt version 1.2.10ubuntu1. I checked with apt-key, and the public version of the signing key is present. I'm drawing a blank here. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
@varlesh the information you provided is incomplete. Please tell the developers why exactly you think that the information is incorrectly worded, or what the correct wording is. Otherwise the input you provided might be missed. This message seems to be consistent for all repositories that are signed with SHA1. Why exactly do you think something is wrong? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
apt - 1.2.10ubuntu1 ubuntu xenial amd64 W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg: Signature by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak digest algorithm (SHA1) W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg: Signature by key 3B068FB4789ABE4AEFA3BB491397BC53640DB551 uses weak digest algorithm (SHA1) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
@Mahmoud F.Elshazly (elshazly5) this bug is about the wording of a message, not about specific repositories. However, only one of the repositories is an Ubuntu repo, and that one is for trusty not xenial, so it is not appropriate to be using it at all. For the non-ubuntu repos you will have to take up the problem with them, or ask in a more appropriate place. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Ubuntu 16.04 after upgrading in my terminal apt-get update answered: W: http://www.scootersoftware.com/dists/bcompare4/Release.gpg: Signature by key C9467A8216C570CDFBAC3AFD331D6DDE7F8840CE uses weak digest algorithm (SHA1) W: http://download.videolan.org/pub/debian/stable/Release.gpg: Signature by key 8F0845FE77B16294429A79346BCA5E4DB84288D9 uses weak digest algorithm (SHA1) W: http://download.opensuse.org/repositories/home:/jgeboski/xUbuntu_14.04/./Release.gpg: Signature by key 1E7BF737CB8709F0F740625B12C6ADA61C85BB5E uses weak digest algorithm (SHA1) W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg: Signature by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak digest algorithm (SHA1) W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg: Signature by key 3B068FB4789ABE4AEFA3BB491397BC53640DB551 uses weak digest algorithm (SHA1) N: Skipping acquire of configured file 'main/binary-i386/Packages' as repository 'http://dl.google.com/linux/chrome/deb stable InRelease' doesn't support architecture 'i386' W: http://deb.playonlinux.com/dists/trusty/InRelease: Signature by key 74F7358425EEB6176094C884E0F72778C4676186 uses weak digest algorithm (SHA1) W: http://ppa.launchpad.net/i-nex-development-team/stable/ubuntu/dists/trusty/Release.gpg: Signature by key 844A85F9F6C4BB6FA118D7E1431D3C83F34CDDAD uses weak digest algorithm (SHA1) Can anyone have a a solution for that? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
** Changed in: apt (Ubuntu) Assignee: brad (bradmiller200593) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
in my terminal apt-get update answered: W: http://archive.getdeb.net/ubuntu/dists/xenial-getdeb/InRelease: Signature by key 1958A549614CE21CFC27F4BAA8A515F046D7E7CF uses weak digest algorithm (SHA1) W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg: Signature by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak digest algorithm (SHA1) W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg: Signature by key 3B068FB4789ABE4AEFA3BB491397BC53640DB551 uses weak digest algorithm (SHA1) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Gajim: W: ftp://ftp.gajim.org/debian/dists/unstable/InRelease: Signature by key 95306A3F5430B830FE23ACEF838BC5151E5526DE uses weak digest algorithm (SHA1) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
** Changed in: apt (Ubuntu) Assignee: (unassigned) => brad (bradmiller200593) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Same problem here with Google Chrome repository. I hope that Google address it soon. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Hello!! :) I've installed Ubuntu 16.04, fresh install and I've this problem with Chrome. W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg: Signature by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak digest algorithm (SHA1) Best regards!! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
It is actually correct. Compare with comment #30. The message is supposed to be worded this way. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
In my case it's only the Virtualbox Repo W: http://download.virtualbox.org/virtualbox/debian/dists/xenial/InRelease: Signature by key 7B0FAB3A13B907435925D9C954422A4B98AB5139 uses weak digest algorithm (SHA1) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Ubuntu 16.04 LTS xenial beta amd64 (2016 0416) - i have only problem with SHA1 while installing www.webmin.com W: http://webmin.mirror.somersettechsolutions.co.uk/repository/dists/sarge/Release.gpg: Signature by key 1719003ACE3E5A41E2DE70DFD97A3AE911F63C51 uses weak digest algorithm (SHA1) W: http://download.webmin.com/download/repository/dists/sarge/Release.gpg: Signature by key 1719003ACE3E5A41E2DE70DFD97A3AE911F63C51 uses weak digest algorithm (SHA1) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Injigo, Beta 2 indeed had this problem, but it's already been fixed in more recent daily builds. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
I'm getting this error in a live session of Ubuntu 16.04 Desktop Beta 2 amd64 when I run "sudo apt-get update". This is a fresh boot running directly from an ISO booted from the hard drive. I've added no PPA's. ubuntu@ubuntu:~$ sudo apt-get update Ign:1 cdrom://Ubuntu 16.04 LTS _Xenial Xerus_ - Beta amd64 (20160323) xenial InRelease Hit:2 cdrom://Ubuntu 16.04 LTS _Xenial Xerus_ - Beta amd64 (20160323) xenial Release Hit:4 http://archive.ubuntu.com/ubuntu xenial InRelease Hit:5 http://archive.ubuntu.com/ubuntu xenial-updates InRelease Hit:6 http://security.ubuntu.com/ubuntu xenial-security InRelease Reading package lists... Done W: gpgv:/var/lib/apt/lists/Ubuntu%2016.04%20LTS%20%5fXenial%20Xerus%5f%20-%20Beta%20amd64%20(20160323)_dists_xenial_Release.gpg: The repository is insufficiently signed by key C5986B4F1257FFA86632CBA746181433FBB75451 (weak digest) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
@Williamforte which one? Copy/paste the relevant section here from the terminal. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
I get this same error on Ubuntu 16.04 Desktop Beta 2 amd64 when I run `sudo apt-get update` in reference to one of the official Xenial repos. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
As per my most recent comment on bug 155, this is now fixed for all xenial Release files in PPAs. Pre-xenial Release files are less important numerically for this, but we know that some people have them enabled on xenial systems, so we'll be re-signing those too over the coming weeks. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Edd, if you read up through this bug log you'll see a reference to bug 155, which has status on getting this sorted out for PPAs. Please, everyone, stop telling us about PPAs that are weakly signed; we know about it, we're working on it, and further comments are not going to make it happen any faster. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
My system is fully updated, but still getting these errors. Is there anyway that launchpad could please let the people responsible for these repos to 'get their ffing finger out'? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
I did update my apt to 1.2.9 today and I'm still getting this warning ... W: http://ppa.launchpad.net/nijel/phpmyadmin/ubuntu/dists/xenial/InRelease: Signature by key AD829E29A018BAF8C3842FB080E7349A06ED541C uses weak digest algorithm (SHA1) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Apologies, I misread your message. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Stop spamming and update your APT (including libapt-pkg5.0 !!!) to 1.2.8 or 1.2.9. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
This bug report was about a message string which has been fixed since. Still not fixed..! W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_xorg- edgers_ppa_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 165D673674A995B3E64BF0CF4F191A5A8844C542 (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_atareao_atareao_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key A3D8A366869FE2DC5FFD79C36A9653F936FD5529 (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_vincent- c_conky_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key C2079EE53D4B33595B07BDA9FE1FFCE65CB95493 (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_no1wantdthisname_ppa_ubuntu_dists_wily_InRelease: The repository is insufficiently signed by key 988070CDAB1DCFA39A63BBC566BA314CE985B27B (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_noobslab_icons_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 4FA44A478284A18C1BA4A9CAD530E028F59EAE4D (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_noobslab_icons2_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 4FA44A478284A18C1BA4A9CAD530E028F59EAE4D (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_noobslab_apps_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 4FA44A478284A18C1BA4A9CAD530E028F59EAE4D (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_noobslab_themes_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 4FA44A478284A18C1BA4A9CAD530E028F59EAE4D (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_shutter-testing- team_ppa_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key F1CB0C583A40C33320C9979E8214A9C71C89E4E1 (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_transmissionbt_ppa_ubuntu_dists_wily_InRelease: The repository is insufficiently signed by key A37DA909AE70535824D82620976B5901365C5CA1 (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_rednotebook_daily_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key BF97028AB62C5AA319C27BF6CD3EA4E67AFEC43D (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_rvm_smplayer_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key E23A3C5344AE497C2FEE7B0BA7E13D78E4A4F4F4 (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_mc3man_mpv- tests_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 8E51A6D660CD88D67D65221D90BD7EACED8E640A (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_jon-hedgerows_get- iplayer_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key F79D67D8EE8836721D1440E82CDAFB4702E04F78 (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_font- manager_staging_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key AC6B0292DFB6091A9611F738B17DF9E284B7 (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_midori_ppa_ubuntu_dists_wily_Release.gpg: The repository is insufficiently signed by key 67DED6AD2E4522DE018BF8C161E5F6C1A69241F1 (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_gezakovacs_ppa_ubuntu_dists_wily_Release.gpg: The repository is insufficiently signed by key B1E2835433FA7DB85D51D45DF2E8FC91AE7E (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_me- davidsansome_clementine_ubuntu_dists_trusty_Release.gpg: The repository is insufficiently signed by key 7A467ADCBEE1FFC8CD8B784B4F172854044A3B98 (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_kirillshkrogalev_ffmpeg- next_ubuntu_dists_utopic_Release.gpg: The repository is insufficiently signed by key 1EC6DBC9AA41BD34B32CC5A15C50E96D8EFE5982 (weak digest) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
I've opened Bug #1562733 about failed updates due to "No Hash entry in Release file ... which is considered strong enough for security purposes" -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
JFTR, I am looking at ways to drop the missing hash entry to a warning before the xenial release. But if I do this, this will be temporarily, and will become an error again starting in January. It will also not apply to the Nvidia repository, as MD5 is too weak to be trusted in any case. But warnings are always dubious: Most tools do not even show them at all (almost all the graphical ones). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
But note that this is off-topic for this bug report. This bug report was about a message string which has been fixed since. So, please for all our sanity, stop commenting here. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
@Jen There is no workaround. The small number of affected repos should be fixed instead. Even of the reported 20 cases in https://wiki.debian.org/Teams/Apt/Sha1Removal, only 4/5 instances are broken, the other 16 only emit a warning. Out of the Google repositories, the only active ones are Chrome and (somewhat) MusicManager. Talk Plugin and Earth are *dead* (last update years ago). So that leaves you with Google Music Manager, Spider Oak One, and the severely broken Cuda. Cuda is a real clusterfuck, it uses a *very* weak hash algorithm (only MD5). I fully expect all broken repositories to be fixed within a few months after xenial's release, if not before. All affected parties are informed about that. And the others that are being warned about *will* break in 2017. There's no way back. There might be some further issues with uncooperative repository providers, but that's a good thing too: If they don't manage to upgrade their repository security until 2017, can you really trust them? A workaround might come at a later time, as there are some special use cases that need that (archived repositories), but this needs some careful designing. It will not be part of xenial, and we must make very sure that it's as hard to use as possible and still breaks any normal use, as otherwise users will just override the errors and risk being attacked. So be happy that the few things do not work now, this gives a better incentive for negligent repository owners to fix their broken repositories and prevents users from allowing themselves to be attacked. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
@Krzysztof Kowalewski (krzysztofkow92) (Half-)Broken repositories are tracked at https://wiki.debian.org/Teams/Apt/Sha1Removal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
OK, so maybe one repository is fixed now. What about the rest that we need? Is there a workaround for installing from a repo that doesn't use SHA256 yet? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
That makes no sense, Jen, the repository was fixed last week, see: https://bugs.chromium.org/p/chromium/issues/detail?id=594414 $ curl -s http://dl.google.com/linux/chrome/deb/dists/stable/Release | egrep 'Date|SHA2' Date: Thu, 24 Mar 2016 17:24:39 + SHA256: I know this because I use the freaking repository myself, was affected when I introduced the change, and opened the bug at chromium... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Julian, installing Chrome is blocked. The line starts with an "E:" so it is an error! The message: "No Hash entry in Release file /var/lib/apt/lists/dl.google.com_linux_chrome_deb_dists_stable_Release, which is considered strong enough for security purposes" Is there a workaround? My users need Chrome and other third-party software that only has SSH1 keys. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
@Jen: Just because some indexes failed to download does not mean that Chrome failed to download. Please actually *read* the error messages. Those saying "Failed to fetch" failed, the others did not. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
This update just came up now for Xenial: Cambios para las versiones de apt: Versión instalada: 1.2.7 Versión disponible: 1.2.8 Versión 1.2.8: [ Michael Vogt ] * Get accurate progress reporting in apt update again [ Julian Andres Klode ] * Report non-transient errors as errors, not as warnings * methods/gpgv: Rewrite error handling and message. Thanks to Ron Lee for wording suggestions * Use descriptive URIs in 104 Warning messages * cachefile: Only set members that were initialized successfully (Closes: #818628) * Update symbols file [ David Kalnischkies ] * do not strip epochs from state version strings (Closes: 818162) * properly check for "all good sigs are weak" (Closes: 818910) * handle gpgv's weak-digests ERRSIG [ Zhou Mo ] * zh_CN.po: update simplified Chinese translation. (Closes: #818639) [ Takuma Yamada ] * Japanese manpage translation update (Closes: 818950) So, let's see how it goes. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
> This doesn't block installing Chrome - it's just a warning. Colin, it does block installing Chrome: $ sudo apt-get update ; echo $? ... E: Some index files failed to download. They have been ignored, or old ones used instead. 100 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
W: http://ppa.launchpad.net/diesch/testing/ubuntu/dists/vivid/InRelease: Signature by key E53B0E36210D2EDBFA94E8AB5AF549300FEB6DD9 uses weak digest algorithm (SHA1) W: http://repository.spotify.com/dists/stable/InRelease: Signature by key BBEBDCB318AD50EC6865090613B00F1FD2C19886 uses weak digest algorithm (SHA1) W: http://ppa.launchpad.net/libreoffice/libreoffice-5-1/ubuntu/dists/xenial/InRelease: Signature by key 36E81C9267FD1383FCC4490983FBA1751378B444 uses weak digest algorithm (SHA1) W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg: Signature by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak digest algorithm (SHA1) W: http://ppa.launchpad.net/noobslab/icons2/ubuntu/dists/vivid/InRelease: Signature by key 4FA44A478284A18C1BA4A9CAD530E028F59EAE4D uses weak digest algorithm (SHA1) W: http://apt.insynchq.com/ubuntu/dists/xenial/InRelease: Signature by key 3B158123A580D31A9E86248106BBDC2602DFE7E7 uses weak digest algorithm (SHA1) W: http://ppa.launchpad.net/peterlevi/ppa/ubuntu/dists/xenial/InRelease: Signature by key 876E675CB1AABA3497F27BA6C45A53C1A546BE4F uses weak digest algorithm (SHA1) W: https://deb.opera.com/opera-beta/dists/stable/InRelease: Signature by key 419D0ACF314E8E993F7F92E563F7D4AFF6D61D45 uses weak digest algorithm (SHA1) W: http://mega.nz/linux/MEGAsync/xUbuntu_15.04/./Release.gpg: Signature by key BF8B66E01192CBA2E72201294B4E7A9523ACD201 uses weak digest algorithm (SHA1) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Which means that everything is working intended now. Don't even complain about Nvidia, that was broken with 1.1 as well, it only has MD5 checksums. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
@juliank: This is still a problem, at least with some repos: 1. `apt-get update` returns a non-zero exit code and so automated scripts that do `apt-get update && apt-get install ...` will fail to install the required packages. 2. Even if we ignore the error, the index files are not being accepted and packages described in the index cannot be installed. Here is an example of a trying to install the CUDA driver inside an Ubuntu 16.04 docker container: Step 4 : RUN dpkg -i cuda-repo-ubuntu1504_7.5-18_amd64.deb && apt-get update ; apt-get install -y --no-install-recommends cuda ---> Running in 3034cbd1c6e2 Selecting previously unselected package cuda-repo-ubuntu1504. (Reading database ... 10067 files and directories currently installed.) Preparing to unpack cuda-repo-ubuntu1504_7.5-18_amd64.deb ... Unpacking cuda-repo-ubuntu1504 (7.5-18) ... Setting up cuda-repo-ubuntu1504 (7.5-18) ... OK Get:1 http://archive.ubuntu.com/ubuntu xenial InRelease [116 kB] Hit:2 http://archive.ubuntu.com/ubuntu xenial-updates InRelease Hit:3 http://archive.ubuntu.com/ubuntu xenial-security InRelease Ign:4 http://developer.download.nvidia.com/compute/cuda/repos/ubuntu1504/x86_64 InRelease Get:5 http://developer.download.nvidia.com/compute/cuda/repos/ubuntu1504/x86_64 Release [186 B] Get:6 http://developer.download.nvidia.com/compute/cuda/repos/ubuntu1504/x86_64 Release.gpg [181 B] Fetched 116 kB in 1s (82.1 kB/s) Reading package lists... W: http://developer.download.nvidia.com/compute/cuda/repos/ubuntu1504/x86_64/Release.gpg: Signature by key 889BEE522DA690103C4B085ED88C3D385C37D3BE uses weak digest algorithm (SHA1) E: Failed to fetch http://developer.download.nvidia.com/compute/cuda/repos/ubuntu1504/x86_64/Release No Hash entry in Release file /var/lib/apt/lists/partial/developer.download.nvidia.com_compute_cuda_repos_ubuntu1504_x86%5f64_Release, which is considered strong enough for security purposes E: Some index files failed to download. They have been ignored, or old ones used instead. Reading package lists... Building dependency tree... Reading state information... E: Unable to locate package cuda As you can see the package is not being installed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Also removed the affects apt thing, as there is no bug in the Debian BTS, and APT does not use Launchpad to track bugs. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Just for the record, with the Google Chrome and Talk repos it looks like this now: W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg: Signature by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak digest algorithm (SHA1) N: Skipping acquire of configured file 'main/binary-i386/Packages' as repository 'http://dl.google.com/linux/chrome/deb stable InRelease' doesn't support architecture 'i386' W: http://dl.google.com/linux/talkplugin/deb/dists/stable/Release.gpg: Signature by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak digest algorithm (SHA1) E: Failed to fetch http://dl.google.com/linux/talkplugin/deb/dists/stable/Release No Hash entry in Release file /var/lib/apt/lists/partial/dl.google.com_linux_talkplugin_deb_dists_stable_Release which is considered strong enough for security purposes E: Some index files failed to download. They have been ignored, or old ones used instead. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Since APT 1.2.8, the message has been changed, and the "Hash Entry" error message is now "E" instead of "W", so we can close that now. 1.2.9 in proposed also removes the misleading comma in the hash entry message. ** Changed in: apt (Ubuntu) Status: Confirmed => Fix Released ** No longer affects: apt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
On Sat, Mar 26, 2016 at 09:54:16PM -, Jen Wilson wrote: > This should have been a warning for one release before making it a > blocking issue. I know Ubuntu hates Google and doesn't want us to > install Chrome, but many of us need it. This doesn't block installing Chrome - it's just a warning. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
The same problem: http://download.virtualbox.org/virtualbox/debian/dists/wily/InRelease: Signature by key W: http://download.virtualbox.org/virtualbox/debian/dists/wily/InRelease: Signature by key 7B0FAB3A13B907435925D9C954422A4B98AB5139 uses weak digest algorithm (SHA1) W: http://ppa.launchpad.net/atareao/atareao/ubuntu/dists/xenial/InRelease: Signature by key A3D8A366869FE2DC5FFD79C36A9653F936FD5529 uses weak digest algorithm (SHA1) W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg: Signature by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak digest algorithm (SHA1) W: http://ppa.launchpad.net/indicator-multiload/stable-daily/ubuntu/dists/xenial/InRelease: Signature by key 29A2D308818C59EB8AC53826D834D91FA49CCDDB uses weak digest algorithm (SHA1) W: http://ppa.launchpad.net/libreoffice/ppa/ubuntu/dists/xenial/InRelease: Signature by key 36E81C9267FD1383FCC4490983FBA1751378B444 uses weak digest algorithm (SHA1) W: http://download.opensuse.org/repositories/isv:/ownCloud:/desktop/Ubuntu_15.10/Release.gpg: Signature by key F9EA4996747310AE79474F44977C43A8BA684223 uses weak digest algorithm (SHA1) W: http://ppa.launchpad.net/videolan/stable-daily/ubuntu/dists/xenial/InRelease: Signature by key 3361E59FF5029E6B90A9A80D09589874801DF724 uses weak digest algorithm (SHA1) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
This should have been a warning for one release before making it a blocking issue. I know Ubuntu hates Google and doesn't want us to install Chrome, but many of us need it. Telling us what we are allowed or not allowed to install is something Microsoft would do. These are our computers. Please allow us to install software that we need. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
** Also affects: apt Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Oops! forgot to include what I Googled on: "The repository is insufficiently signed" -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
I did a Google search on " " and found this old (2009) article from Debian concerning the algorithm used for signing the package digest: https://www.debian-administration.org/users/dkg/weblog/48 Is it applicable to this issue? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Turns out that the issue is not as bad as I thought it was. The error message was due to a single repo and not all the repos showing warnings. Removing it got rid of the error message in both the terminal and the GUI updater. The affected repo was the Google Talk Plugin: W: Failed to fetch http://dl.google.com/linux/talkplugin/deb/dists/stable/Release No Hash entry in Release file /var/lib/apt/lists/dl.google.com_linux_talkplugin_deb_dists_stable_Release, which is considered strong enough for security purpose Since these kind of repos will produce an error, wouldn't it be appropriate to raise the severity from Warning to Error? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
IMO, this verification and error message needs to be removed from Xenial before it ships in April. Right now, all major external repositories have not made the switch from SHA1, not even PPAs hosted by Canonical itself. The graphical updater shows a cryptic and unhelpful error message (Check your Internet connection.) because of this and I cannot imagine the amount of confusion that will ensue following Xenial's release if this is not reverted. I've seen *very frequently* people come at LUGs totally confused and thinking their Ubuntu install is broken because of very similar issues. I personally have an external repository hosted on openSUSE Build Service which is unusable right now on Xenial because of this. I had to find out about the upgrade from SHA1 to SHA2 as a regular user and not as a repository maintainer, and even if I wanted to do something about it, I can't because it's openSUSE's responsibility to do it. The exact same thing is true for everyone using PPAs on Launchpad. A bunch of warnings should not result in an error (E: Some index files failed to download. They have been ignored, or old ones used instead.) and it should totally NOT tell non technical users to "Check their Internet connection"! SHA1 was OK for a good number of years amd all of a sudden, it becomes so insecure that it should break user's installs? While it is perfectly valid to switch to the superior, more secure SHA2, this migration should NOT be done in such a brutal way, at the expense of normal users and without any kind of notification to external package maintainers. If SHA1 isn't accepted alongside SHA2 without any repercussions for normal users for at least the next couple years, the result *will be disastrous*. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Cannot install Hipchat either W: Failed to fetch https://atlassian.artifactoryonline.com/atlassian /hipchat-apt-client/dists/xenial/Release No Hash entry in Release file /var/lib/apt/lists/partial/atlassian.artifactoryonline .com_atlassian_hipchat-apt-client_dists_xenial_Release, which is considered strong enough for security purposes -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Is there a way to force my system to accept these keys anyway? I'd much prefer to be warned that this is using a less secure hash rather than being blocked from accessing these repos. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Considering Debian doesn't allow new account creation on it's Wiki, I'll just post it here so someone else can add it to their list: RAVEfinity PPA gpgv:/var/lib/apt/lists/ppa.launchpad.net_ravefinity- project_ppa_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key AB3C11871E5ADDD637F8BAA89B0BBF00E2D0EBE9 (weak digest) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
We had the intention (#818639) but forgot it then so only zh_CN was fixed in 1.2.8 … I commited the comma-drop now [I would like to claim that this comma makes perfect sense in German but even there it is a bit strange]. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
On Thu, Mar 24, 2016 at 09:16:22PM -, Julian Andres Klode wrote: > E: Failed to fetch http://example.com/InRelease No Hash entry in Release > file /var/lib/apt/lists/partial/example.com_InRelease, which is > considered strong enough for security purposes Could you please drop that comma while you're here? Unlike German, it modifies the meaning in English in a way that doesn't make sense: it implies that there is no Hash entry (should that be lower-case instead?) at all, and that this situation is considered strong enough for security purposes. That's obviously nonsensical, and removing the comma so that the relative clause is restrictive rather than non-restrictive fixes the grammar. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
After a lot of further input, the text was changed in APT 1.2.8 to read: W: http://example.com/InRelease: Signature by key 0123456789ABCDEF0123456789ABCDEF01234567 uses weak digest algorithm (SHA1) The other message: W: Failed to fetch http://example.com/InRelease No Hash entry in Release file /var/lib/apt/lists/partial/example.com_InRelease, which is considered strong enough for security purposes now has an E in front of it: E: Failed to fetch http://example.com/InRelease No Hash entry in Release file /var/lib/apt/lists/partial/example.com_InRelease, which is considered strong enough for security purposes This should hopefully clarify things and be less annoying. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
You do not need to do anything if you have your own PPA. Furthermore, people do not need to keep reporting individual PPAs that are signed with weak digests. We'll fix them in bulk, hopefully quite soon (still working on the last bits of code for that). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
If I have my own ppa, do I need to do anything? It's not 100% clear in this thread. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
I tried that already with no luck. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Re-add the PPAs. On Wed, Mar 23, 2016 at 9:15 PM, Flávio Oliveirawrote: > All PPAs I have, on the site launchpad says are compatible with Ubuntu > 16.04 > > W: > gpgv:/var/lib/apt/lists/dl.google.com_linux_chrome_deb_dists_stable_Release.gpg: > The repository is insufficiently signed by key > 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 (weak digest) > > W: > gpgv:/var/lib/apt/lists/ppa.launchpad.net_libreoffice_libreoffice-5-1_ubuntu_dists_xenial_InRelease: > The repository is insufficiently signed by key > 36E81C9267FD1383FCC4490983FBA1751378B444 (weak digest) > > W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_maarten- > baert_simplescreenrecorder_ubuntu_dists_xenial_InRelease: The > repository > is insufficiently signed by key > 4DEDB3E05F043CA185176AC0409C8B51283EC8CD > (weak digest) > > W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_otto- > kesselgulasch_gimp_ubuntu_dists_xenial_InRelease: The repository is > insufficiently signed by key FB97E9C3A97F85C095AEA7903BDAAC08614C4B38 > (weak digest) > > W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_sunab_kdenlive- > release_ubuntu_dists_xenial_InRelease: The repository is > insufficiently > signed by key 6976C1CEB06586061C2C0472B5115B98AA836CA8 (weak digest) > > W: > gpgv:/var/lib/apt/lists/ppa.launchpad.net_webupd8team_atom_ubuntu_dists_xenial_InRelease: > The repository is insufficiently signed by key > 7B2C3B0889BF5709A105D03AC2518248EEA14886 (weak digest) > > W: > gpgv:/var/lib/apt/lists/ppa.launchpad.net_webupd8team_java_ubuntu_dists_xenial_InRelease: > The repository is insufficiently signed by key > 7B2C3B0889BF5709A105D03AC2518248EEA14886 (weak digest) > > > Only Megasync I downloaded the deb > > W: > gpgv:/var/lib/apt/lists/mega.nz_linux_MEGAsync_xUbuntu%5f15.04_._Release.gpg: > The repository is insufficiently signed by key > BF8B66E01192CBA2E72201294B4E7A9523ACD201 (weak digest) > > -- > You received this bug notification because you are subscribed to the > bug > report. > https://bugs.launchpad.net/bugs/1558331 > > Title: > message "The repository is insufficiently signed by key (weak > digest)" is poorly worded > > Status in apt package in Ubuntu: > Confirmed > > Bug description: > The title pretty much says it all. > > To manage notifications about this bug go to: > https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
All PPAs I have, on the site launchpad says are compatible with Ubuntu 16.04 W: gpgv:/var/lib/apt/lists/dl.google.com_linux_chrome_deb_dists_stable_Release.gpg: The repository is insufficiently signed by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_libreoffice_libreoffice-5-1_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 36E81C9267FD1383FCC4490983FBA1751378B444 (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_maarten- baert_simplescreenrecorder_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 4DEDB3E05F043CA185176AC0409C8B51283EC8CD (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_otto- kesselgulasch_gimp_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key FB97E9C3A97F85C095AEA7903BDAAC08614C4B38 (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_sunab_kdenlive- release_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 6976C1CEB06586061C2C0472B5115B98AA836CA8 (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_webupd8team_atom_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 7B2C3B0889BF5709A105D03AC2518248EEA14886 (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_webupd8team_java_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 7B2C3B0889BF5709A105D03AC2518248EEA14886 (weak digest) Only Megasync I downloaded the deb W: gpgv:/var/lib/apt/lists/mega.nz_linux_MEGAsync_xUbuntu%5f15.04_._Release.gpg: The repository is insufficiently signed by key BF8B66E01192CBA2E72201294B4E7A9523ACD201 (weak digest) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Yes, see my most recent comment in bug 155 for the current state of things with regard to ppa.launchpad.net. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Hi, I'm just uploaded new gegl and gimp packages. to my PPA - ppa:otto-kesselgulasch/gimp-edge new gegl and gimp packages. After building I don't had no trouble anymore with apt-get update and apt-get upgrade. I added "personal-digest-preferences SHA256 cert-digest-algo SHA256 default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed" to my gpg.conf before debuild -S -sd I hope this helps. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Estoy presentando el mismo inconveniente con estas ppa W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_atareao_telegram_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key A3D8A366869FE2DC5FFD79C36A9653F936FD5529 (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_libreoffice_libreoffice-prereleases_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 36E81C9267FD1383FCC4490983FBA1751378B444 (weak digest) W: gpgv:/var/lib/apt/lists/download.ebz.epson.net_dsc_op_stable_debian_dists_lsb3.2_Release.gpg: The repository is insufficiently signed by key E5220FB7014D0FBDA50DFC2BE5E86C008AA65D56 (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_phalcon_stable_ubuntu_dists_wily_InRelease: The repository is insufficiently signed by key 098DD12808F67757EC9CA5B72A763BCD1E569794 (weak digest) W: gpgv:/var/lib/apt/lists/partial/ppa.launchpad.net_webupd8team_sublime-text-3_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 7B2C3B0889BF5709A105D03AC2518248EEA14886 (weak digest) W: gpgv:/var/lib/apt/lists/partial/ppa.launchpad.net_webupd8team_y-ppa-manager_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 7B2C3B0889BF5709A105D03AC2518248EEA14886 (weak digest) W: gpgv:/var/lib/apt/lists/partial/ppa.launchpad.net_webupd8team_tor-browser_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 7B2C3B0889BF5709A105D03AC2518248EEA14886 (weak digest) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Many repositories are affected: As already reported, Google's repos and: AppGrid W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_appgrid_stable_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key F9A8B020F741A5B52B888A88241FE6973B765FAE (weak digest) Intel Graphics W: gpgv:/var/lib/apt/lists/download.01.org_gfx_ubuntu_15.10_main_dists_wily_InRelease: The repository is insufficiently signed by key 6C82391DC41365FB56EC3CE4A496EB03894A3A8D (weak digest) Dolphin Emulator W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_dolphin-emu_ppa_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key FF0A61D519AE6B0E59B3E6B6FDBD34A8869BF237 (weak digest) PCSX2 Emulator W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_gregory-hainaut_pcsx2.official.ppa_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key A36D8D60D79F0F65D2B81421508A982D7A617FF4 (weak digest) Libretro Retroarch W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_libretro_stable_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 3B2BA0B6750986899B189AFF18DAAE7FECA3745F (weak digest) Clementine (Media Player) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_me-davidsansome_clementine-dev_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 7A467ADCBEE1FFC8CD8B784B4F172854044A3B98 (weak digest) WebUpd8 W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_nilarimogard_webupd8_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 1DB29AFFF6C70907B57AA31F531EE72F4C9D234C (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_webupd8team_java_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 7B2C3B0889BF5709A105D03AC2518248EEA14886 (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_webupd8team_y-ppa-manager_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 7B2C3B0889BF5709A105D03AC2518248EEA14886 (weak digest) Variety W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_peterlevi_ppa_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 876E675CB1AABA3497F27BA6C45A53C1A546BE4F (weak digest) PPSSPP Emulator W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_ppsspp_testing_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 7E29D1156F92A53C89195AC6DB9510F6ED0F784C (weak digest) KODI / XBMC W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_team-xbmc_unstable_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 189701DA570C56B9488EF60A6D975C4791E7EE5E (weak digest) Tony George PPA W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_teejee2008_ppa_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 1B32B87ABAEE357218F6B48CB5B116B72D0F61F0 (weak digest) Freshlight W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_colingille_freshlight_ubuntu_dists_vivid_Release.gpg: The repository is insufficiently signed by key 3764AB961B292804CD3474FAEAE2E8E7CB7F5C71 (weak digest) gstreamer0.10-ffmpeg W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_mc3man_gstffmpeg-keep_ubuntu_dists_vivid_Release.gpg: The repository is insufficiently signed by key 8E51A6D660CD88D67D65221D90BD7EACED8E640A (weak digest) APT works fine despite the warnings. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
I dont think this is a bug. The wording says what the issue is. The Key used is only sha1 which is considered too weak. The ones using that old Keys should fix their repos and make proper signing. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Same here: W: gpgv:/var/lib/apt/lists/download.virtualbox.org_virtualbox_debian_dists_wily_InRelease: The repository is insufficiently signed by key 7B0FAB3A13B907435925D9C954422A4B98AB5139 (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_cdemu_ppa_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key AFDF4CC6A4F32AA9395FAE8F423A2125D782A00F (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_ehoover_compholio_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 99ED08A0FCA332C7BD045B6A497A0F381F691896 (weak digest) W: gpgv:/var/lib/apt/lists/dl.google.com_linux_chrome_deb_dists_stable_Release.gpg: The repository is insufficiently signed by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_mamarley_quassel-git_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key A0D47AB4E99FF9F9C0EA949A26F4EF8440618B66 (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_mozillateam_thunderbird-next_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 0AB215679C571D1C8325275B9BDB3D89CE49EC21 (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_xorg-edgers_ppa_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 165D673674A995B3E64BF0CF4F191A5A8844C542 (weak digest) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Same bug here: W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_gnumdk_lollypop_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 8FAD14A04A8E87F23FB5653BDBA501177AA84500 (weak digest) W: gpgv:/var/lib/apt/lists/repository.spotify.com_dists_stable_InRelease: The repository is insufficiently signed by key BBEBDCB318AD50EC6865090613B00F1FD2C19886 (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_linrunner_tlp_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 2042F03C5FABD0BA2CED40412B3F92F902D65EFF (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_mc3man_mpv-tests_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 8E51A6D660CD88D67D65221D90BD7EACED8E640A (weak digest) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
** Changed in: apt (Ubuntu) Assignee: trebor271074 (trebor271074) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
** Changed in: apt (Ubuntu) Assignee: (unassigned) => trebor271074 (trebor271074) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
I can confirm that I've been seeing this the past couple of days too: W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_noobslab_themes_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 4FA44A478284A18C1BA4A9CAD530E028F59EAE4D (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_teejee2008_ppa_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 1B32B87ABAEE357218F6B48CB5B116B72D0F61F0 (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_webupd8team_java_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 7B2C3B0889BF5709A105D03AC2518248EEA14886 (weak digest) W: gpgv:/var/lib/apt/lists/deb.opera.com_opera-stable_dists_stable_InRelease: The repository is insufficiently signed by key 419D0ACF314E8E993F7F92E563F7D4AFF6D61D45 (weak digest) I do know that these are just warnings, but will confuse some people. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Ironically, I tried to install some debug symbols today and also got these messages: W: gpgv:/var/lib/apt/lists/partial/ddebs.ubuntu.com_dists_xenial_Release.gpg: The repository is insufficiently signed by key 2512191FEF8729D6E5AF414DECDCAD72428D7C01 (weak digest) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
For further information on the topic, take a look at the upstream wiki page tracking broken repositories and explaining the two levels of brokenness: https://wiki.debian.org/Teams/Apt/Sha1Removal Feel free to add other repositories there. @heiko: The PPAs are pending, but WRT Google Earth: There was no new release in the repository since Thu, 19 May 2011 16:50:30 + (6.0.3.2197-r0 is the most recent in there) - it might be a good idea to delete the source. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
** Summary changed: - After upgrading to apt 1.2.7 in Xenial, PPAs and most other third-party repositories become unusable with "The repository is insufficiently signed by key (weak digest)" + message "The repository is insufficiently signed by key (weak digest)" is poorly worded -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Confirming the bug here, I have the following on my machine: W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_git-core_ppa_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key E1DD270288B4E6030699E45FA1715D88E1DF1F24 (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_gnome3-team_gnome3_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 9D542E3D52C801D9F8E31682F1773AF13B1510FD (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_noobslab_themes_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 4FA44A478284A18C1BA4A9CAD530E028F59EAE4D (weak digest) W: gpgv:/var/lib/apt/lists/dl.google.com_linux_chrome_deb_dists_stable_Release.gpg: The repository is insufficiently signed by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_numix_ppa_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 43E076121739DEE5FB96BBED52B709720F164EEB (weak digest) W: gpgv:/var/lib/apt/lists/dl.google.com_linux_earth_deb_dists_stable_Release.gpg: The repository is insufficiently signed by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_otto-kesselgulasch_gimp-edge_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key FB97E9C3A97F85C095AEA7903BDAAC08614C4B38 (weak digest) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
Confirming the bug here, I have the following on my server - W: gpgv:/var/lib/apt/lists/download.virtualbox.org_virtualbox_debian_dists_vivid_InRelease: The repository is insufficiently signed by key 7B0FAB3A13B907435925D9C954422A4B98AB5139 (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_jpsutton_cockpit_ubuntu_dists_vivid_InRelease: The repository is insufficiently signed by key 7B6B809DC0F2DEF09DE284E6BB3BA55A3E4F2C0C (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_webupd8team_java_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 7B2C3B0889BF5709A105D03AC2518248EEA14886 (weak digest) W: gpgv:/var/lib/apt/lists/webmin.mirror.somersettechsolutions.co.uk_repository_dists_sarge_Release.gpg: The repository is insufficiently signed by key 1719003ACE3E5A41E2DE70DFD97A3AE911F63C51 (weak digest) W: gpgv:/var/lib/apt/lists/pkg.jenkins-ci.org_debian_binary_Release.gpg: The repository is insufficiently signed by key 150FDE3F7787E7D11EF4E12A9B7D32F2D50582E6 (weak digest) W: gpgv:/var/lib/apt/lists/download.webmin.com_download_repository_dists_sarge_Release.gpg: The repository is insufficiently signed by key 1719003ACE3E5A41E2DE70DFD97A3AE911F63C51 (weak digest) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded
** Changed in: apt (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs