[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-11-15 Thread Julian Andres Klode 
Don't change the assignment on a (fixed) issue please, yon.

** Changed in: apt (Ubuntu)
 Assignee: yon (thornyon) => (unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-11-15 Thread yon 
** Changed in: apt (Ubuntu)
 Assignee: (unassigned) => yon (thornyon)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-08-05 Thread Tonal 
See also https://github.com/rabbitmq/rabbitmq-server/issues/906

** Bug watch added: github.com/rabbitmq/rabbitmq-server/issues #906
   https://github.com/rabbitmq/rabbitmq-server/issues/906

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-08-05 Thread Tonal 
Also
W: http://repo.mongodb.org/apt/ubuntu/dists/xenial/mongodb-org/3.2/Release.gpg: 
Signature by key 42F3E95A2C4F08279C4960ADD68FA50FEA312927 uses weak digest 
algorithm (SHA1)
W: http://liveusb.info/multisystem/depot/dists/all/Release.gpg: Signature by 
key 32027DE3D67157C45E69C0AE4E940D7FDD7FB8CC uses weak digest algorithm (SHA1)
W: http://www.rabbitmq.com/debian/dists/testing/InRelease: Signature by key 
0A9AF2115F4687BD29803A206B73A36E6026DFCA uses weak digest algorithm (SHA1)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-06-29 Thread Colin Law 
@angel-granados-j This bug is about the wording of the error message, not the 
fact that the error may appear.
For how to avoid it I suggest you ask elsewhere, the ubuntu-users email list 
for example.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-06-29 Thread Angel Granados Gonzalez 
I have a owncloud 9 with Ubuntu 16.04. Today has started this error when
I try to do apt-get update.

I have my own local repo and am getting this error for it whenever I try
to do apt-get update. I even recently updated the key I use to sign it
to RSA/RSA 2048/2048 and also add the two lines in

I add the two lines in
~/.gnupg/gpg.conf:

cert-digest-algo SHA256
digest-algo SHA256

as recommended at http://askubuntu.com/a/776599/170127.

And I have del the key and later add key again.

However I still keep getting this error. Please advise as to what I have
to do to stop getting this error.


W: 
http://download.owncloud.org/download/repositories/stable/Ubuntu_16.04/Release.gpg:
 Signature by key BCECA90325B072AB1245F739AB7C32C35180350A uses weak digest 
algorithm (SHA1)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-06-19 Thread Sorin Sbârnea 
It seems that MongoDB is also broken due to this
https://jira.mongodb.org/browse/SERVER-23397

Workarounds?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-06-09 Thread S_B 
I have also same problem with Google Earth

http://dl.google.com/linux/earth/deb/dists/stable/Release.gpg: Signature
by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak digest
algorithm (SHA1)Failed to fetch

http://dl.google.com/linux/earth/deb/dists/stable/Release  No Hash entry
in Release file
/var/lib/apt/lists/partial/dl.google.com_linux_earth_deb_dists_stable_Release
which is considered strong enough for security purposes

Some index files failed to download. They have been ignored, or old ones
used instead.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-06-08 Thread Shriramana Sharma 
Sorry for the noise due to my previous comment #86. It is unrelated to
this bug and it was because I was not generating the appropriate SHA256
lines in the Release file. Sorry again.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-06-07 Thread Shriramana Sharma 
I have my own local repo and am getting this error for it whenever I try
to do apt-get update. I even recently updated the key I use to sign it
to RSA/RSA 2048/2048 and also add the two lines in ~/.gnupg/gpg.conf:

cert-digest-algo SHA256
digest-algo  SHA256

as recommended at http://askubuntu.com/a/776599/170127. However I still
keep getting this error. Please advise as to what I have to do to stop
getting this error.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-06-01 Thread Julian Andres Klode 
@Dirk That's a completely different error type. Your release file only
contains an MD5Sum field. Look at the broken repositories section in
https://wiki.debian.org/Teams/Apt/Sha1Removal

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-06-01 Thread Dirk De Schepper 
Thanks, I see the problem now.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-06-01 Thread Dirk De Schepper 
** Attachment added: "Archive containing Release, Release.gpg and the public 
key that should authenticate them"
   
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+attachment/4674400/+files/example.tgz

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-06-01 Thread Dirk De Schepper 
I switched to signing my repository with SHA512 encoded 4096 bit key. I
still get the same error (No Hash entry in Release file ... which is
considered strong enough ...). This is on Xubuntu Xenial 16.04 (amd64),
apt version 1.2.10ubuntu1. I checked with apt-key, and the public
version of the signing key is present. I'm drawing a blank here.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-05-09 Thread Wiktor: Nizio 
@varlesh the information you provided is incomplete. Please tell the
developers why exactly you think that the information is incorrectly
worded, or what the correct wording is. Otherwise the input you provided
might be missed. This message seems to be consistent for all
repositories that are signed with SHA1. Why exactly do you think
something is wrong?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-05-09 Thread varlesh 
apt - 1.2.10ubuntu1
ubuntu xenial amd64
W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg: Signature by 
key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak digest algorithm (SHA1)
W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg: Signature by 
key 3B068FB4789ABE4AEFA3BB491397BC53640DB551 uses weak digest algorithm (SHA1)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-05-04 Thread Colin Law 
@Mahmoud F.Elshazly (elshazly5) this bug is about the wording of a
message, not about specific repositories.

However, only one of the repositories is an Ubuntu repo, and that one is
for trusty not xenial, so it is not appropriate to be using it at all.
For the non-ubuntu repos you will have to take up the problem with them,
or ask in a more appropriate place.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-05-04 Thread Mahmoud F.Elshazly 
Ubuntu 16.04 after upgrading

in my terminal apt-get update answered:

W: http://www.scootersoftware.com/dists/bcompare4/Release.gpg: Signature by key 
C9467A8216C570CDFBAC3AFD331D6DDE7F8840CE uses weak digest algorithm (SHA1)
W: http://download.videolan.org/pub/debian/stable/Release.gpg: Signature by key 
8F0845FE77B16294429A79346BCA5E4DB84288D9 uses weak digest algorithm (SHA1)
W: 
http://download.opensuse.org/repositories/home:/jgeboski/xUbuntu_14.04/./Release.gpg:
 Signature by key 1E7BF737CB8709F0F740625B12C6ADA61C85BB5E uses weak digest 
algorithm (SHA1)
W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg: Signature by 
key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak digest algorithm (SHA1)
W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg: Signature by 
key 3B068FB4789ABE4AEFA3BB491397BC53640DB551 uses weak digest algorithm (SHA1)
N: Skipping acquire of configured file 'main/binary-i386/Packages' as 
repository 'http://dl.google.com/linux/chrome/deb stable InRelease' doesn't 
support architecture 'i386'
W: http://deb.playonlinux.com/dists/trusty/InRelease: Signature by key 
74F7358425EEB6176094C884E0F72778C4676186 uses weak digest algorithm (SHA1)
W: 
http://ppa.launchpad.net/i-nex-development-team/stable/ubuntu/dists/trusty/Release.gpg:
 Signature by key 844A85F9F6C4BB6FA118D7E1431D3C83F34CDDAD uses weak digest 
algorithm (SHA1)

Can anyone have a a solution for that?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-05-02 Thread Mathew Hodson 
** Changed in: apt (Ubuntu)
 Assignee: brad (bradmiller200593) => (unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-04-28 Thread arthurcamargo 
in my terminal apt-get update answered:

W: http://archive.getdeb.net/ubuntu/dists/xenial-getdeb/InRelease:
Signature by key 1958A549614CE21CFC27F4BAA8A515F046D7E7CF uses weak
digest algorithm (SHA1)

W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg:
Signature by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak
digest algorithm (SHA1)

W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg:
Signature by key 3B068FB4789ABE4AEFA3BB491397BC53640DB551 uses weak
digest algorithm (SHA1)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-04-25 Thread Nick 
Gajim:

W: ftp://ftp.gajim.org/debian/dists/unstable/InRelease: Signature by key
95306A3F5430B830FE23ACEF838BC5151E5526DE uses weak digest algorithm
(SHA1)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-04-24 Thread brad 
** Changed in: apt (Ubuntu)
 Assignee: (unassigned) => brad (bradmiller200593)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-04-24 Thread Eduardo Medina 
Same problem here with Google Chrome repository. I hope that Google
address it soon.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-04-22 Thread Albert Cutrona 
Hello!! :)

I've installed Ubuntu 16.04, fresh install and I've this problem with
Chrome.

W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg:
Signature by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak
digest algorithm (SHA1)

Best regards!!

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-04-19 Thread Wiktor: Nizio 
It is actually correct. Compare with comment #30. The message is
supposed to be worded this way.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-04-19 Thread franco_bez 
In my case it's only the Virtualbox Repo

W:
http://download.virtualbox.org/virtualbox/debian/dists/xenial/InRelease:
Signature by key 7B0FAB3A13B907435925D9C954422A4B98AB5139 uses weak
digest algorithm (SHA1)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-04-17 Thread pavel bursa 
Ubuntu 16.04 LTS xenial beta amd64 (2016 0416) - i have only problem
with SHA1 while installing www.webmin.com

W: 
http://webmin.mirror.somersettechsolutions.co.uk/repository/dists/sarge/Release.gpg:
 Signature by key 1719003ACE3E5A41E2DE70DFD97A3AE911F63C51 uses weak digest 
algorithm (SHA1)
W: http://download.webmin.com/download/repository/dists/sarge/Release.gpg: 
Signature by key 1719003ACE3E5A41E2DE70DFD97A3AE911F63C51 uses weak digest 
algorithm (SHA1)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-04-13 Thread Colin Watson 
Injigo, Beta 2 indeed had this problem, but it's already been fixed in
more recent daily builds.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-04-13 Thread Injigo 
I'm getting this error in a live session of Ubuntu 16.04 Desktop Beta 2
amd64 when I run "sudo apt-get update". This is a fresh boot running
directly from an ISO booted from the hard drive. I've added no PPA's.

ubuntu@ubuntu:~$ sudo apt-get update
Ign:1 cdrom://Ubuntu 16.04 LTS _Xenial Xerus_ - Beta amd64 (20160323) xenial 
InRelease
Hit:2 cdrom://Ubuntu 16.04 LTS _Xenial Xerus_ - Beta amd64 (20160323) xenial 
Release
Hit:4 http://archive.ubuntu.com/ubuntu xenial InRelease
Hit:5 http://archive.ubuntu.com/ubuntu xenial-updates InRelease
Hit:6 http://security.ubuntu.com/ubuntu xenial-security InRelease  
Reading package lists... Done 
W: 
gpgv:/var/lib/apt/lists/Ubuntu%2016.04%20LTS%20%5fXenial%20Xerus%5f%20-%20Beta%20amd64%20(20160323)_dists_xenial_Release.gpg:
 The repository is insufficiently signed by key 
C5986B4F1257FFA86632CBA746181433FBB75451 (weak digest)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-04-05 Thread Colin Law 
@Williamforte which one?  Copy/paste the relevant section here from the
terminal.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-04-05 Thread William 
I get this same error on Ubuntu 16.04 Desktop Beta 2 amd64 when I run
`sudo apt-get update` in reference to one of the official Xenial repos.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-30 Thread Colin Watson 
As per my most recent comment on bug 155, this is now fixed for all
xenial Release files in PPAs.  Pre-xenial Release files are less
important numerically for this, but we know that some people have them
enabled on xenial systems, so we'll be re-signing those too over the
coming weeks.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-29 Thread Colin Watson 
Edd, if you read up through this bug log you'll see a reference to bug
155, which has status on getting this sorted out for PPAs.  Please,
everyone, stop telling us about PPAs that are weakly signed; we know
about it, we're working on it, and further comments are not going to
make it happen any faster.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-29 Thread Edd Juglans 
My system is fully updated, but still getting these errors.

Is there anyway that launchpad could please let the people responsible
for these repos to 'get their ffing finger out'?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-28 Thread Alex 
I did update my apt to 1.2.9 today and I'm still getting this warning
...

W:
http://ppa.launchpad.net/nijel/phpmyadmin/ubuntu/dists/xenial/InRelease:
Signature by key AD829E29A018BAF8C3842FB080E7349A06ED541C uses weak
digest algorithm (SHA1)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-28 Thread Alex 
Apologies, I misread your message.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-28 Thread Julian Andres Klode 
Stop spamming and update your APT (including libapt-pkg5.0 !!!) to 1.2.8
or 1.2.9.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-28 Thread Edd Juglans 
 This bug report was about a message string which has been fixed
since. 

Still not fixed..!

W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_xorg-
edgers_ppa_ubuntu_dists_xenial_InRelease: The repository is
insufficiently signed by key 165D673674A995B3E64BF0CF4F191A5A8844C542
(weak digest)

W:
gpgv:/var/lib/apt/lists/ppa.launchpad.net_atareao_atareao_ubuntu_dists_xenial_InRelease:
The repository is insufficiently signed by key
A3D8A366869FE2DC5FFD79C36A9653F936FD5529 (weak digest)

W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_vincent-
c_conky_ubuntu_dists_xenial_InRelease: The repository is insufficiently
signed by key C2079EE53D4B33595B07BDA9FE1FFCE65CB95493 (weak digest)

W:
gpgv:/var/lib/apt/lists/ppa.launchpad.net_no1wantdthisname_ppa_ubuntu_dists_wily_InRelease:
The repository is insufficiently signed by key
988070CDAB1DCFA39A63BBC566BA314CE985B27B (weak digest)

W:
gpgv:/var/lib/apt/lists/ppa.launchpad.net_noobslab_icons_ubuntu_dists_xenial_InRelease:
The repository is insufficiently signed by key
4FA44A478284A18C1BA4A9CAD530E028F59EAE4D (weak digest)

W:
gpgv:/var/lib/apt/lists/ppa.launchpad.net_noobslab_icons2_ubuntu_dists_xenial_InRelease:
The repository is insufficiently signed by key
4FA44A478284A18C1BA4A9CAD530E028F59EAE4D (weak digest)

W:
gpgv:/var/lib/apt/lists/ppa.launchpad.net_noobslab_apps_ubuntu_dists_xenial_InRelease:
The repository is insufficiently signed by key
4FA44A478284A18C1BA4A9CAD530E028F59EAE4D (weak digest)

W:
gpgv:/var/lib/apt/lists/ppa.launchpad.net_noobslab_themes_ubuntu_dists_xenial_InRelease:
The repository is insufficiently signed by key
4FA44A478284A18C1BA4A9CAD530E028F59EAE4D (weak digest)

W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_shutter-testing-
team_ppa_ubuntu_dists_xenial_InRelease: The repository is insufficiently
signed by key F1CB0C583A40C33320C9979E8214A9C71C89E4E1 (weak digest)

W:
gpgv:/var/lib/apt/lists/ppa.launchpad.net_transmissionbt_ppa_ubuntu_dists_wily_InRelease:
The repository is insufficiently signed by key
A37DA909AE70535824D82620976B5901365C5CA1 (weak digest)

W:
gpgv:/var/lib/apt/lists/ppa.launchpad.net_rednotebook_daily_ubuntu_dists_xenial_InRelease:
The repository is insufficiently signed by key
BF97028AB62C5AA319C27BF6CD3EA4E67AFEC43D (weak digest)

W:
gpgv:/var/lib/apt/lists/ppa.launchpad.net_rvm_smplayer_ubuntu_dists_xenial_InRelease:
The repository is insufficiently signed by key
E23A3C5344AE497C2FEE7B0BA7E13D78E4A4F4F4 (weak digest)

W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_mc3man_mpv-
tests_ubuntu_dists_xenial_InRelease: The repository is insufficiently
signed by key 8E51A6D660CD88D67D65221D90BD7EACED8E640A (weak digest)

W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_jon-hedgerows_get-
iplayer_ubuntu_dists_xenial_InRelease: The repository is insufficiently
signed by key F79D67D8EE8836721D1440E82CDAFB4702E04F78 (weak digest)

W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_font-
manager_staging_ubuntu_dists_xenial_InRelease: The repository is
insufficiently signed by key AC6B0292DFB6091A9611F738B17DF9E284B7
(weak digest)

W:
gpgv:/var/lib/apt/lists/ppa.launchpad.net_midori_ppa_ubuntu_dists_wily_Release.gpg:
The repository is insufficiently signed by key
67DED6AD2E4522DE018BF8C161E5F6C1A69241F1 (weak digest)

W:
gpgv:/var/lib/apt/lists/ppa.launchpad.net_gezakovacs_ppa_ubuntu_dists_wily_Release.gpg:
The repository is insufficiently signed by key
B1E2835433FA7DB85D51D45DF2E8FC91AE7E (weak digest)

W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_me-
davidsansome_clementine_ubuntu_dists_trusty_Release.gpg: The repository
is insufficiently signed by key 7A467ADCBEE1FFC8CD8B784B4F172854044A3B98
(weak digest)

W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_kirillshkrogalev_ffmpeg-
next_ubuntu_dists_utopic_Release.gpg: The repository is insufficiently
signed by key 1EC6DBC9AA41BD34B32CC5A15C50E96D8EFE5982 (weak digest)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-28 Thread Eugene Crosser 
I've opened Bug #1562733 about failed updates due to "No Hash entry in
Release file ... which is considered strong enough for security
purposes"

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-27 Thread Julian Andres Klode 
JFTR, I am looking at ways to drop the missing hash entry to a warning
before the xenial release. But if I do this, this will be temporarily,
and will become an error again starting in January. It will also not
apply to the Nvidia repository, as MD5 is too weak to be trusted in any
case.

But warnings are always dubious: Most tools do not even show them at all
(almost all the graphical ones).

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-27 Thread Julian Andres Klode 
But note that this is off-topic for this bug report. This bug report was
about a message string which has been fixed since.

So, please for all our sanity, stop commenting here.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-27 Thread Julian Andres Klode 
@Jen There is no workaround. The small number of affected repos should
be fixed instead. Even of the reported 20 cases in
https://wiki.debian.org/Teams/Apt/Sha1Removal, only 4/5 instances are
broken, the other 16 only emit a warning. Out of the Google
repositories, the only active ones are Chrome and (somewhat)
MusicManager. Talk Plugin and Earth are *dead* (last update years ago).
So that leaves you with Google Music Manager, Spider Oak One, and the
severely broken Cuda. Cuda is a real clusterfuck, it uses a *very* weak
hash algorithm (only MD5).

I fully expect all broken repositories to be fixed within a few months
after xenial's release, if not before. All affected parties are informed
about that.

And the others that are being warned about *will* break in 2017. There's
no way back. There might be some further issues with uncooperative
repository providers, but that's a good thing too: If they don't manage
to upgrade their repository security until 2017, can you really trust
them?

A workaround might come at a later time, as there are some special use
cases that need that (archived repositories), but this needs some
careful designing. It will not be part of xenial, and we must make very
sure that it's as hard to use as possible and still breaks any normal
use, as otherwise users will just override the errors and risk being
attacked.

So be happy that the few things do not work now, this gives a better
incentive for negligent repository owners to fix their broken
repositories and prevents users from allowing themselves to be attacked.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-27 Thread Julian Andres Klode 
@Krzysztof Kowalewski (krzysztofkow92) (Half-)Broken repositories are
tracked at

https://wiki.debian.org/Teams/Apt/Sha1Removal

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-27 Thread Jen Wilson 
OK, so maybe one repository is fixed now.  What about the rest that we
need?

Is there a workaround for installing from a repo that doesn't use SHA256
yet?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-27 Thread Julian Andres Klode 
That makes no sense, Jen, the repository was fixed last week, see:

https://bugs.chromium.org/p/chromium/issues/detail?id=594414

$ curl -s http://dl.google.com/linux/chrome/deb/dists/stable/Release | egrep 
'Date|SHA2'
Date: Thu, 24 Mar 2016 17:24:39 +
SHA256:

I know this because I use the freaking repository myself, was affected
when I introduced the change, and opened the bug at chromium...

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-27 Thread Jen Wilson 
Julian, installing Chrome is blocked.  The line starts with an "E:" so
it is an error!  The message:

"No Hash entry in Release file
/var/lib/apt/lists/dl.google.com_linux_chrome_deb_dists_stable_Release,
which is considered strong enough for security purposes"

Is there a workaround?  My users need Chrome and other third-party
software that only has SSH1 keys.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-27 Thread Julian Andres Klode 
@Jen: Just because some indexes failed to download does not mean that
Chrome failed to download. Please actually *read* the error messages.
Those saying "Failed to fetch" failed, the others did not.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-27 Thread Jose Barakat 
This update just came up now for Xenial:


Cambios para las versiones de apt:
Versión instalada: 1.2.7
Versión disponible: 1.2.8

Versión 1.2.8:

  [ Michael Vogt ]
  * Get accurate progress reporting in apt update again

  [ Julian Andres Klode ]
  * Report non-transient errors as errors, not as warnings
  * methods/gpgv: Rewrite error handling and message.
Thanks to Ron Lee for wording suggestions
  * Use descriptive URIs in 104 Warning messages
  * cachefile: Only set members that were initialized successfully
(Closes: #818628)
  * Update symbols file

  [ David Kalnischkies ]
  * do not strip epochs from state version strings (Closes: 818162)
  * properly check for "all good sigs are weak" (Closes: 818910)
  * handle gpgv's weak-digests ERRSIG

  [ Zhou Mo ]
  * zh_CN.po: update simplified Chinese translation. (Closes: #818639)

  [ Takuma Yamada ]
  * Japanese manpage translation update (Closes: 818950)


So, let's see how it goes.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-27 Thread Jen Wilson 
> This doesn't block installing Chrome - it's just a warning.

Colin, it does block installing Chrome:

$ sudo apt-get update ; echo $?
...
E: Some index files failed to download. They have been ignored, or old ones 
used instead.
100

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-27 Thread Krzysztof Kowalewski 
W: http://ppa.launchpad.net/diesch/testing/ubuntu/dists/vivid/InRelease: 
Signature by key E53B0E36210D2EDBFA94E8AB5AF549300FEB6DD9 uses weak digest 
algorithm (SHA1)
W: http://repository.spotify.com/dists/stable/InRelease: Signature by key 
BBEBDCB318AD50EC6865090613B00F1FD2C19886 uses weak digest algorithm (SHA1)
W: 
http://ppa.launchpad.net/libreoffice/libreoffice-5-1/ubuntu/dists/xenial/InRelease:
 Signature by key 36E81C9267FD1383FCC4490983FBA1751378B444 uses weak digest 
algorithm (SHA1)
W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg: Signature by 
key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak digest algorithm (SHA1)
W: http://ppa.launchpad.net/noobslab/icons2/ubuntu/dists/vivid/InRelease: 
Signature by key 4FA44A478284A18C1BA4A9CAD530E028F59EAE4D uses weak digest 
algorithm (SHA1)
W: http://apt.insynchq.com/ubuntu/dists/xenial/InRelease: Signature by key 
3B158123A580D31A9E86248106BBDC2602DFE7E7 uses weak digest algorithm (SHA1)
W: http://ppa.launchpad.net/peterlevi/ppa/ubuntu/dists/xenial/InRelease: 
Signature by key 876E675CB1AABA3497F27BA6C45A53C1A546BE4F uses weak digest 
algorithm (SHA1)
W: https://deb.opera.com/opera-beta/dists/stable/InRelease: Signature by key 
419D0ACF314E8E993F7F92E563F7D4AFF6D61D45 uses weak digest algorithm (SHA1)
W: http://mega.nz/linux/MEGAsync/xUbuntu_15.04/./Release.gpg: Signature by key 
BF8B66E01192CBA2E72201294B4E7A9523ACD201 uses weak digest algorithm (SHA1)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-27 Thread Julian Andres Klode 
Which means that everything is working intended now.

Don't even complain about Nvidia, that was broken with 1.1 as well, it
only has MD5 checksums.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-27 Thread Oded Arbel 
@juliank:

This is still a problem, at least with some repos:
1. `apt-get update` returns a non-zero exit code and so automated scripts that 
do `apt-get update && apt-get install ...` will fail to install the required 
packages.
2. Even if we ignore the error, the index files are not being accepted and 
packages described in the index cannot be installed.

Here is an example of a trying to install the CUDA driver inside an
Ubuntu 16.04 docker container:

Step 4 : RUN dpkg -i cuda-repo-ubuntu1504_7.5-18_amd64.deb && apt-get update ; 
apt-get install -y --no-install-recommends cuda
 ---> Running in 3034cbd1c6e2
Selecting previously unselected package cuda-repo-ubuntu1504.
(Reading database ... 10067 files and directories currently installed.)
Preparing to unpack cuda-repo-ubuntu1504_7.5-18_amd64.deb ...
Unpacking cuda-repo-ubuntu1504 (7.5-18) ...
Setting up cuda-repo-ubuntu1504 (7.5-18) ...
OK
Get:1 http://archive.ubuntu.com/ubuntu xenial InRelease [116 kB]
Hit:2 http://archive.ubuntu.com/ubuntu xenial-updates InRelease
Hit:3 http://archive.ubuntu.com/ubuntu xenial-security InRelease
Ign:4 http://developer.download.nvidia.com/compute/cuda/repos/ubuntu1504/x86_64 
 InRelease
Get:5 http://developer.download.nvidia.com/compute/cuda/repos/ubuntu1504/x86_64 
 Release [186 B]
Get:6 http://developer.download.nvidia.com/compute/cuda/repos/ubuntu1504/x86_64 
 Release.gpg [181 B]
Fetched 116 kB in 1s (82.1 kB/s)
Reading package lists...
W: 
http://developer.download.nvidia.com/compute/cuda/repos/ubuntu1504/x86_64/Release.gpg:
 Signature by key 889BEE522DA690103C4B085ED88C3D385C37D3BE uses weak digest 
algorithm (SHA1)
E: Failed to fetch 
http://developer.download.nvidia.com/compute/cuda/repos/ubuntu1504/x86_64/Release
  No Hash entry in Release file 
/var/lib/apt/lists/partial/developer.download.nvidia.com_compute_cuda_repos_ubuntu1504_x86%5f64_Release,
 which is considered strong enough for security purposes
E: Some index files failed to download. They have been ignored, or old ones 
used instead.
Reading package lists...
Building dependency tree...
Reading state information...
E: Unable to locate package cuda

As you can see the package is not being installed.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-27 Thread Julian Andres Klode 
Also removed the affects apt thing, as there is no bug in the Debian
BTS, and APT does not use Launchpad to track bugs.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-27 Thread Julian Andres Klode 
Just for the record, with the Google Chrome and Talk repos it looks like
this now:

W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg: Signature by 
key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak digest algorithm (SHA1)
N: Skipping acquire of configured file 'main/binary-i386/Packages' as 
repository 'http://dl.google.com/linux/chrome/deb stable InRelease' doesn't 
support architecture 'i386'
W: http://dl.google.com/linux/talkplugin/deb/dists/stable/Release.gpg: 
Signature by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak digest 
algorithm (SHA1)
E: Failed to fetch 
http://dl.google.com/linux/talkplugin/deb/dists/stable/Release  No Hash entry 
in Release file 
/var/lib/apt/lists/partial/dl.google.com_linux_talkplugin_deb_dists_stable_Release
 which is considered strong enough for security purposes
E: Some index files failed to download. They have been ignored, or old ones 
used instead.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-27 Thread Julian Andres Klode 
Since APT 1.2.8, the message has been changed, and the "Hash Entry"
error message is now "E" instead of "W", so we can close that now.

1.2.9 in proposed also removes the misleading comma in the hash entry
message.

** Changed in: apt (Ubuntu)
   Status: Confirmed => Fix Released

** No longer affects: apt

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Re: [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-27 Thread Colin Watson 
On Sat, Mar 26, 2016 at 09:54:16PM -, Jen Wilson wrote:
> This should have been a warning for one release before making it a
> blocking issue.  I know Ubuntu hates Google and doesn't want us to
> install Chrome, but many of us need it.

This doesn't block installing Chrome - it's just a warning.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-27 Thread Nand0 
The same problem:
 http://download.virtualbox.org/virtualbox/debian/dists/wily/InRelease: 
Signature by key W: 
http://download.virtualbox.org/virtualbox/debian/dists/wily/InRelease: 
Signature by key 7B0FAB3A13B907435925D9C954422A4B98AB5139 uses weak digest 
algorithm (SHA1)
W: http://ppa.launchpad.net/atareao/atareao/ubuntu/dists/xenial/InRelease: 
Signature by key A3D8A366869FE2DC5FFD79C36A9653F936FD5529 uses weak digest 
algorithm (SHA1)
W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg: Signature by 
key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak digest algorithm (SHA1)
W: 
http://ppa.launchpad.net/indicator-multiload/stable-daily/ubuntu/dists/xenial/InRelease:
 Signature by key 29A2D308818C59EB8AC53826D834D91FA49CCDDB uses weak digest 
algorithm (SHA1)
W: http://ppa.launchpad.net/libreoffice/ppa/ubuntu/dists/xenial/InRelease: 
Signature by key 36E81C9267FD1383FCC4490983FBA1751378B444 uses weak digest 
algorithm (SHA1)
W: 
http://download.opensuse.org/repositories/isv:/ownCloud:/desktop/Ubuntu_15.10/Release.gpg:
 Signature by key F9EA4996747310AE79474F44977C43A8BA684223 uses weak digest 
algorithm (SHA1)
W: 
http://ppa.launchpad.net/videolan/stable-daily/ubuntu/dists/xenial/InRelease: 
Signature by key 3361E59FF5029E6B90A9A80D09589874801DF724 uses weak digest 
algorithm (SHA1)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-26 Thread Jen Wilson 
This should have been a warning for one release before making it a
blocking issue.  I know Ubuntu hates Google and doesn't want us to
install Chrome, but many of us need it.  Telling us what we are allowed
or not allowed to install is something Microsoft would do.  These are
our computers.  Please allow us to install software that we need.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-26 Thread Mikerhinos 
** Also affects: apt
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-25 Thread Paul Loughman 
Oops!  forgot to include what I Googled on:  "The repository is
insufficiently signed"

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-25 Thread Paul Loughman 
I did a Google search on " " and found this old (2009) article from
Debian concerning the algorithm used for signing the package digest:
https://www.debian-administration.org/users/dkg/weblog/48

Is it applicable to this issue?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-25 Thread Mathieu Comandon 
Turns out that the issue is not as bad as I thought it was. The error
message was due to a single repo and not all the repos showing warnings.
Removing it got rid of the error message in both the terminal and the
GUI updater. The affected repo was the Google Talk Plugin:

W: Failed to fetch
http://dl.google.com/linux/talkplugin/deb/dists/stable/Release  No Hash
entry in Release file
/var/lib/apt/lists/dl.google.com_linux_talkplugin_deb_dists_stable_Release,
which is considered strong enough for security purpose

Since these kind of repos will produce an error, wouldn't it be
appropriate to raise the severity from Warning to Error?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-25 Thread Mathieu Comandon 
IMO, this verification and error message needs to be removed from Xenial before 
it ships in April. 
Right now, all major external repositories have not made the switch from SHA1, 
not even PPAs hosted by Canonical itself.

The graphical updater shows a cryptic and unhelpful error message (Check
your Internet connection.) because of this and I cannot imagine the
amount of confusion that will ensue following Xenial's release if this
is not reverted. I've seen *very frequently* people come at LUGs totally
confused and thinking their Ubuntu install is broken because of very
similar issues.

I personally have an external repository hosted on openSUSE Build
Service which is unusable right now on Xenial because of this. I had to
find out about the upgrade from SHA1 to SHA2 as a regular user and not
as a repository maintainer, and even if I wanted to do something about
it, I can't because it's openSUSE's responsibility to do it. The exact
same thing is true for everyone using PPAs on Launchpad.

A bunch of warnings should not result in an error (E: Some index files failed 
to download. They have been ignored, or old ones used instead.) and it should 
totally NOT tell non technical users to "Check their Internet connection"! 
SHA1 was OK for a good number of years amd all of a sudden, it becomes so 
insecure that it should break user's installs? While it is perfectly valid to 
switch to the superior, more secure SHA2, this migration should NOT be done in 
such a brutal way, at the expense of normal users and without any kind of 
notification to external package maintainers.

If SHA1 isn't accepted alongside SHA2 without any repercussions for
normal users for at least the next couple years, the result  *will be
disastrous*.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-25 Thread Mark Duncan 
Cannot install Hipchat either

W: Failed to fetch https://atlassian.artifactoryonline.com/atlassian
/hipchat-apt-client/dists/xenial/Release  No Hash entry in Release file
/var/lib/apt/lists/partial/atlassian.artifactoryonline
.com_atlassian_hipchat-apt-client_dists_xenial_Release, which is
considered strong enough for security purposes

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-25 Thread Mark Duncan 
Is there a way to force my system to accept these keys anyway?  I'd much
prefer to be warned that this is using a less secure hash rather than
being blocked from accessing these repos.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-25 Thread Đorđe 
Considering Debian doesn't allow new account creation on it's Wiki, I'll
just post it here so someone else can add it to their list:

RAVEfinity PPA

gpgv:/var/lib/apt/lists/ppa.launchpad.net_ravefinity-
project_ppa_ubuntu_dists_xenial_InRelease: The repository is
insufficiently signed by key AB3C11871E5ADDD637F8BAA89B0BBF00E2D0EBE9
(weak digest)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-25 Thread David Kalnischkies 
We had the intention (#818639) but forgot it then so only zh_CN was
fixed in 1.2.8 … I commited the comma-drop now [I would like to claim
that this comma makes perfect sense in German but even there it is a bit
strange].

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Re: [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-24 Thread Colin Watson 
On Thu, Mar 24, 2016 at 09:16:22PM -, Julian Andres Klode wrote:
> E: Failed to fetch http://example.com/InRelease No Hash entry in Release
> file /var/lib/apt/lists/partial/example.com_InRelease, which is
> considered strong enough for security purposes

Could you please drop that comma while you're here?  Unlike German, it
modifies the meaning in English in a way that doesn't make sense: it
implies that there is no Hash entry (should that be lower-case instead?)
at all, and that this situation is considered strong enough for security
purposes.  That's obviously nonsensical, and removing the comma so that
the relative clause is restrictive rather than non-restrictive fixes the
grammar.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-24 Thread Julian Andres Klode 
After a lot of further input, the text was changed in APT 1.2.8 to read:

W: http://example.com/InRelease: Signature by key
0123456789ABCDEF0123456789ABCDEF01234567 uses weak digest algorithm
(SHA1)

The other message:

W: Failed to fetch http://example.com/InRelease No Hash entry in Release
file /var/lib/apt/lists/partial/example.com_InRelease, which is
considered strong enough for security purposes

now has an E in front of it:

E: Failed to fetch http://example.com/InRelease No Hash entry in Release
file /var/lib/apt/lists/partial/example.com_InRelease, which is
considered strong enough for security purposes

This should hopefully clarify things and be less annoying.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-24 Thread Colin Watson 
You do not need to do anything if you have your own PPA.  Furthermore,
people do not need to keep reporting individual PPAs that are signed
with weak digests.  We'll fix them in bulk, hopefully quite soon (still
working on the last bits of code for that).

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-23 Thread Shuhao 
If I have my own ppa, do I need to do anything? It's not 100% clear in
this thread.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-23 Thread Søren Holm 
I tried that already with no luck.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Re: [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-23 Thread Pavlushka 
Re-add the PPAs.

On Wed, Mar 23, 2016 at 9:15 PM, Flávio Oliveira 
 wrote:
> All PPAs I have, on the site launchpad says are compatible with Ubuntu
> 16.04
> 
> W:
> gpgv:/var/lib/apt/lists/dl.google.com_linux_chrome_deb_dists_stable_Release.gpg:
> The repository is insufficiently signed by key
> 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 (weak digest)
> 
> W:
> gpgv:/var/lib/apt/lists/ppa.launchpad.net_libreoffice_libreoffice-5-1_ubuntu_dists_xenial_InRelease:
> The repository is insufficiently signed by key
> 36E81C9267FD1383FCC4490983FBA1751378B444 (weak digest)
> 
> W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_maarten-
> baert_simplescreenrecorder_ubuntu_dists_xenial_InRelease: The 
> repository
> is insufficiently signed by key 
> 4DEDB3E05F043CA185176AC0409C8B51283EC8CD
> (weak digest)
> 
> W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_otto-
> kesselgulasch_gimp_ubuntu_dists_xenial_InRelease: The repository is
> insufficiently signed by key FB97E9C3A97F85C095AEA7903BDAAC08614C4B38
> (weak digest)
> 
> W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_sunab_kdenlive-
> release_ubuntu_dists_xenial_InRelease: The repository is 
> insufficiently
> signed by key 6976C1CEB06586061C2C0472B5115B98AA836CA8 (weak digest)
> 
> W:
> gpgv:/var/lib/apt/lists/ppa.launchpad.net_webupd8team_atom_ubuntu_dists_xenial_InRelease:
> The repository is insufficiently signed by key
> 7B2C3B0889BF5709A105D03AC2518248EEA14886 (weak digest)
> 
> W:
> gpgv:/var/lib/apt/lists/ppa.launchpad.net_webupd8team_java_ubuntu_dists_xenial_InRelease:
> The repository is insufficiently signed by key
> 7B2C3B0889BF5709A105D03AC2518248EEA14886 (weak digest)
> 
> 
> Only Megasync I downloaded the deb
> 
> W:
> gpgv:/var/lib/apt/lists/mega.nz_linux_MEGAsync_xUbuntu%5f15.04_._Release.gpg:
> The repository is insufficiently signed by key
> BF8B66E01192CBA2E72201294B4E7A9523ACD201 (weak digest)
> 
> --
> You received this bug notification because you are subscribed to the 
> bug
> report.
> https://bugs.launchpad.net/bugs/1558331
> 
> Title:
>   message "The repository is insufficiently signed by key  (weak
>   digest)" is poorly worded
> 
> Status in apt package in Ubuntu:
>   Confirmed
> 
> Bug description:
>   The title pretty much says it all.
> 
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-23 Thread Flávio Oliveira 
All PPAs I have, on the site launchpad says are compatible with Ubuntu
16.04

W:
gpgv:/var/lib/apt/lists/dl.google.com_linux_chrome_deb_dists_stable_Release.gpg:
The repository is insufficiently signed by key
4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 (weak digest)

W:
gpgv:/var/lib/apt/lists/ppa.launchpad.net_libreoffice_libreoffice-5-1_ubuntu_dists_xenial_InRelease:
The repository is insufficiently signed by key
36E81C9267FD1383FCC4490983FBA1751378B444 (weak digest)

W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_maarten-
baert_simplescreenrecorder_ubuntu_dists_xenial_InRelease: The repository
is insufficiently signed by key 4DEDB3E05F043CA185176AC0409C8B51283EC8CD
(weak digest)

W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_otto-
kesselgulasch_gimp_ubuntu_dists_xenial_InRelease: The repository is
insufficiently signed by key FB97E9C3A97F85C095AEA7903BDAAC08614C4B38
(weak digest)

W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_sunab_kdenlive-
release_ubuntu_dists_xenial_InRelease: The repository is insufficiently
signed by key 6976C1CEB06586061C2C0472B5115B98AA836CA8 (weak digest)

W:
gpgv:/var/lib/apt/lists/ppa.launchpad.net_webupd8team_atom_ubuntu_dists_xenial_InRelease:
The repository is insufficiently signed by key
7B2C3B0889BF5709A105D03AC2518248EEA14886 (weak digest)

W:
gpgv:/var/lib/apt/lists/ppa.launchpad.net_webupd8team_java_ubuntu_dists_xenial_InRelease:
The repository is insufficiently signed by key
7B2C3B0889BF5709A105D03AC2518248EEA14886 (weak digest)


Only Megasync I downloaded the deb

W:
gpgv:/var/lib/apt/lists/mega.nz_linux_MEGAsync_xUbuntu%5f15.04_._Release.gpg:
The repository is insufficiently signed by key
BF8B66E01192CBA2E72201294B4E7A9523ACD201 (weak digest)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-22 Thread Colin Watson 
Yes, see my most recent comment in bug 155 for the current state of
things with regard to ppa.launchpad.net.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-22 Thread otto06217 
Hi,

I'm just uploaded new gegl and gimp packages. to my PPA - 
ppa:otto-kesselgulasch/gimp-edge new gegl and gimp packages.
After building I don't had no trouble anymore with apt-get update and apt-get 
upgrade.

I added

"personal-digest-preferences SHA256
cert-digest-algo SHA256
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 
ZLIB BZIP2 ZIP Uncompressed"

to my gpg.conf before debuild -S -sd

I hope this helps.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-22 Thread psamuel 
Estoy presentando el mismo inconveniente con estas ppa
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_atareao_telegram_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
A3D8A366869FE2DC5FFD79C36A9653F936FD5529 (weak digest)
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_libreoffice_libreoffice-prereleases_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
36E81C9267FD1383FCC4490983FBA1751378B444 (weak digest)
W: 
gpgv:/var/lib/apt/lists/download.ebz.epson.net_dsc_op_stable_debian_dists_lsb3.2_Release.gpg:
 The repository is insufficiently signed by key 
E5220FB7014D0FBDA50DFC2BE5E86C008AA65D56 (weak digest)
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_phalcon_stable_ubuntu_dists_wily_InRelease:
 The repository is insufficiently signed by key 
098DD12808F67757EC9CA5B72A763BCD1E569794 (weak digest)
W: 
gpgv:/var/lib/apt/lists/partial/ppa.launchpad.net_webupd8team_sublime-text-3_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
7B2C3B0889BF5709A105D03AC2518248EEA14886 (weak digest)
W: 
gpgv:/var/lib/apt/lists/partial/ppa.launchpad.net_webupd8team_y-ppa-manager_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
7B2C3B0889BF5709A105D03AC2518248EEA14886 (weak digest)
W: 
gpgv:/var/lib/apt/lists/partial/ppa.launchpad.net_webupd8team_tor-browser_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
7B2C3B0889BF5709A105D03AC2518248EEA14886 (weak digest)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-22 Thread Jose Barakat 
Many repositories are affected:

As already reported, Google's repos and:

AppGrid
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_appgrid_stable_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
F9A8B020F741A5B52B888A88241FE6973B765FAE (weak digest)

Intel Graphics
W: 
gpgv:/var/lib/apt/lists/download.01.org_gfx_ubuntu_15.10_main_dists_wily_InRelease:
 The repository is insufficiently signed by key 
6C82391DC41365FB56EC3CE4A496EB03894A3A8D (weak digest)

Dolphin Emulator 
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_dolphin-emu_ppa_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
FF0A61D519AE6B0E59B3E6B6FDBD34A8869BF237 (weak digest)

PCSX2 Emulator
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_gregory-hainaut_pcsx2.official.ppa_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
A36D8D60D79F0F65D2B81421508A982D7A617FF4 (weak digest)

Libretro Retroarch
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_libretro_stable_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
3B2BA0B6750986899B189AFF18DAAE7FECA3745F (weak digest)

Clementine (Media Player)
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_me-davidsansome_clementine-dev_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
7A467ADCBEE1FFC8CD8B784B4F172854044A3B98 (weak digest)

WebUpd8
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_nilarimogard_webupd8_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
1DB29AFFF6C70907B57AA31F531EE72F4C9D234C (weak digest)
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_webupd8team_java_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
7B2C3B0889BF5709A105D03AC2518248EEA14886 (weak digest)
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_webupd8team_y-ppa-manager_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
7B2C3B0889BF5709A105D03AC2518248EEA14886 (weak digest)

Variety
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_peterlevi_ppa_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
876E675CB1AABA3497F27BA6C45A53C1A546BE4F (weak digest)

PPSSPP Emulator
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_ppsspp_testing_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
7E29D1156F92A53C89195AC6DB9510F6ED0F784C (weak digest)

KODI / XBMC
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_team-xbmc_unstable_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
189701DA570C56B9488EF60A6D975C4791E7EE5E (weak digest)

Tony George PPA
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_teejee2008_ppa_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
1B32B87ABAEE357218F6B48CB5B116B72D0F61F0 (weak digest)

Freshlight
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_colingille_freshlight_ubuntu_dists_vivid_Release.gpg:
 The repository is insufficiently signed by key 
3764AB961B292804CD3474FAEAE2E8E7CB7F5C71 (weak digest)

gstreamer0.10-ffmpeg
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_mc3man_gstffmpeg-keep_ubuntu_dists_vivid_Release.gpg:
 The repository is insufficiently signed by key 
8E51A6D660CD88D67D65221D90BD7EACED8E640A (weak digest)

APT works fine despite the warnings.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-21 Thread Achim Behrens 
I dont think this is a bug. The wording says what the issue is. The Key
used is only sha1 which is considered too weak. The ones using that old
Keys should fix their repos and make proper signing.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-21 Thread Sven Pfannkuch 
Same here:
W: 
gpgv:/var/lib/apt/lists/download.virtualbox.org_virtualbox_debian_dists_wily_InRelease:
 The repository is insufficiently signed by key 
7B0FAB3A13B907435925D9C954422A4B98AB5139 (weak digest)
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_cdemu_ppa_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
AFDF4CC6A4F32AA9395FAE8F423A2125D782A00F (weak digest)
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_ehoover_compholio_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
99ED08A0FCA332C7BD045B6A497A0F381F691896 (weak digest)
W: 
gpgv:/var/lib/apt/lists/dl.google.com_linux_chrome_deb_dists_stable_Release.gpg:
 The repository is insufficiently signed by key 
4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 (weak digest)
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_mamarley_quassel-git_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
A0D47AB4E99FF9F9C0EA949A26F4EF8440618B66 (weak digest)
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_mozillateam_thunderbird-next_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
0AB215679C571D1C8325275B9BDB3D89CE49EC21 (weak digest)
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_xorg-edgers_ppa_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
165D673674A995B3E64BF0CF4F191A5A8844C542 (weak digest)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-21 Thread Springbank 
Same bug here:
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_gnumdk_lollypop_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
8FAD14A04A8E87F23FB5653BDBA501177AA84500 (weak digest)
W: gpgv:/var/lib/apt/lists/repository.spotify.com_dists_stable_InRelease: The 
repository is insufficiently signed by key 
BBEBDCB318AD50EC6865090613B00F1FD2C19886 (weak digest)
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_linrunner_tlp_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
2042F03C5FABD0BA2CED40412B3F92F902D65EFF (weak digest)
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_mc3man_mpv-tests_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
8E51A6D660CD88D67D65221D90BD7EACED8E640A (weak digest)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-21 Thread dino99 
** Changed in: apt (Ubuntu)
 Assignee: trebor271074 (trebor271074) => (unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-21 Thread trebor271074 
** Changed in: apt (Ubuntu)
 Assignee: (unassigned) => trebor271074 (trebor271074)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-20 Thread Cavsfan 
I can confirm that I've been seeing this the past couple of days too:
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_noobslab_themes_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
4FA44A478284A18C1BA4A9CAD530E028F59EAE4D (weak digest)
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_teejee2008_ppa_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
1B32B87ABAEE357218F6B48CB5B116B72D0F61F0 (weak digest)
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_webupd8team_java_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
7B2C3B0889BF5709A105D03AC2518248EEA14886 (weak digest)
W: gpgv:/var/lib/apt/lists/deb.opera.com_opera-stable_dists_stable_InRelease: 
The repository is insufficiently signed by key 
419D0ACF314E8E993F7F92E563F7D4AFF6D61D45 (weak digest)

I do know that these are just warnings, but will confuse some people.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-20 Thread Ralf Hildebrandt 
Ironically, I tried to install some debug symbols today and also got
these messages:

W:
gpgv:/var/lib/apt/lists/partial/ddebs.ubuntu.com_dists_xenial_Release.gpg:
The repository is insufficiently signed by key
2512191FEF8729D6E5AF414DECDCAD72428D7C01 (weak digest)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-20 Thread Julian Andres Klode 
For further information on the topic, take a look at the upstream wiki
page tracking broken repositories and explaining the two levels of
brokenness:

https://wiki.debian.org/Teams/Apt/Sha1Removal

Feel free to add other repositories there.

@heiko: The PPAs are pending, but WRT Google Earth: There was no new
release in the repository since Thu, 19 May 2011 16:50:30 +
(6.0.3.2197-r0 is the most recent in there) - it might be a good idea to
delete the source.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-19 Thread Brian Murray 
** Summary changed:

- After upgrading to apt 1.2.7 in Xenial, PPAs and most other third-party 
repositories become unusable with "The repository is insufficiently signed by 
key  (weak digest)"
+ message "The repository is insufficiently signed by key  (weak digest)" is 
poorly worded

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-19 Thread heiko 
Confirming the bug here, I have the following on my machine:
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_git-core_ppa_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
E1DD270288B4E6030699E45FA1715D88E1DF1F24 (weak digest)
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_gnome3-team_gnome3_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
9D542E3D52C801D9F8E31682F1773AF13B1510FD (weak digest)
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_noobslab_themes_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
4FA44A478284A18C1BA4A9CAD530E028F59EAE4D (weak digest)
W: 
gpgv:/var/lib/apt/lists/dl.google.com_linux_chrome_deb_dists_stable_Release.gpg:
 The repository is insufficiently signed by key 
4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 (weak digest)

W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_numix_ppa_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
43E076121739DEE5FB96BBED52B709720F164EEB (weak digest)
W: 
gpgv:/var/lib/apt/lists/dl.google.com_linux_earth_deb_dists_stable_Release.gpg: 
The repository is insufficiently signed by key 
4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 (weak digest)
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_otto-kesselgulasch_gimp-edge_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
FB97E9C3A97F85C095AEA7903BDAAC08614C4B38 (weak digest)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-19 Thread Rich Bos 
Confirming the bug here, I have the following on my server -

W: 
gpgv:/var/lib/apt/lists/download.virtualbox.org_virtualbox_debian_dists_vivid_InRelease:
 The repository is insufficiently signed by key 
7B0FAB3A13B907435925D9C954422A4B98AB5139 (weak digest)
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_jpsutton_cockpit_ubuntu_dists_vivid_InRelease:
 The repository is insufficiently signed by key 
7B6B809DC0F2DEF09DE284E6BB3BA55A3E4F2C0C (weak digest)
W: 
gpgv:/var/lib/apt/lists/ppa.launchpad.net_webupd8team_java_ubuntu_dists_xenial_InRelease:
 The repository is insufficiently signed by key 
7B2C3B0889BF5709A105D03AC2518248EEA14886 (weak digest)
W: 
gpgv:/var/lib/apt/lists/webmin.mirror.somersettechsolutions.co.uk_repository_dists_sarge_Release.gpg:
 The repository is insufficiently signed by key 
1719003ACE3E5A41E2DE70DFD97A3AE911F63C51 (weak digest)
W: gpgv:/var/lib/apt/lists/pkg.jenkins-ci.org_debian_binary_Release.gpg: The 
repository is insufficiently signed by key 
150FDE3F7787E7D11EF4E12A9B7D32F2D50582E6 (weak digest)
W: 
gpgv:/var/lib/apt/lists/download.webmin.com_download_repository_dists_sarge_Release.gpg:
 The repository is insufficiently signed by key 
1719003ACE3E5A41E2DE70DFD97A3AE911F63C51 (weak digest)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

2016-03-18 Thread Gunnar Hjalmarsson 
** Changed in: apt (Ubuntu)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1558331

Title:
  message "The repository is insufficiently signed by key  (weak
  digest)" is poorly worded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs