Don't change the assignment on a (fixed) issue please, yon.
** Changed in: apt (Ubuntu)
Assignee: yon (thornyon) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
** Changed in: apt (Ubuntu)
Assignee: (unassigned) => yon (thornyon)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1558331
Title:
message "The repository is
See also https://github.com/rabbitmq/rabbitmq-server/issues/906
** Bug watch added: github.com/rabbitmq/rabbitmq-server/issues #906
https://github.com/rabbitmq/rabbitmq-server/issues/906
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is
Also
W: http://repo.mongodb.org/apt/ubuntu/dists/xenial/mongodb-org/3.2/Release.gpg:
Signature by key 42F3E95A2C4F08279C4960ADD68FA50FEA312927 uses weak digest
algorithm (SHA1)
W: http://liveusb.info/multisystem/depot/dists/all/Release.gpg: Signature by
key
@angel-granados-j This bug is about the wording of the error message, not the
fact that the error may appear.
For how to avoid it I suggest you ask elsewhere, the ubuntu-users email list
for example.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded
I have a owncloud 9 with Ubuntu 16.04. Today has started this error when
I try to do apt-get update.
I have my own local repo and am getting this error for it whenever I try
to do apt-get update. I even recently updated the key I use to sign it
to RSA/RSA 2048/2048 and also add the two lines in
It seems that MongoDB is also broken due to this
https://jira.mongodb.org/browse/SERVER-23397
Workarounds?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1558331
Title:
I have also same problem with Google Earth
http://dl.google.com/linux/earth/deb/dists/stable/Release.gpg: Signature
by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak digest
algorithm (SHA1)Failed to fetch
http://dl.google.com/linux/earth/deb/dists/stable/Release No Hash entry
in Release
Sorry for the noise due to my previous comment #86. It is unrelated to
this bug and it was because I was not generating the appropriate SHA256
lines in the Release file. Sorry again.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is
I have my own local repo and am getting this error for it whenever I try
to do apt-get update. I even recently updated the key I use to sign it
to RSA/RSA 2048/2048 and also add the two lines in ~/.gnupg/gpg.conf:
cert-digest-algo SHA256
digest-algo SHA256
as recommended at
Thanks, I see the problem now.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1558331
Title:
message "The repository is insufficiently signed by key (weak
digest)" is
@Dirk That's a completely different error type. Your release file only
contains an MD5Sum field. Look at the broken repositories section in
https://wiki.debian.org/Teams/Apt/Sha1Removal
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is
** Attachment added: "Archive containing Release, Release.gpg and the public
key that should authenticate them"
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+attachment/4674400/+files/example.tgz
--
You received this bug notification because you are a member of Ubuntu
Touch
I switched to signing my repository with SHA512 encoded 4096 bit key. I
still get the same error (No Hash entry in Release file ... which is
considered strong enough ...). This is on Xubuntu Xenial 16.04 (amd64),
apt version 1.2.10ubuntu1. I checked with apt-key, and the public
version of the
@varlesh the information you provided is incomplete. Please tell the
developers why exactly you think that the information is incorrectly
worded, or what the correct wording is. Otherwise the input you provided
might be missed. This message seems to be consistent for all
repositories that are
apt - 1.2.10ubuntu1
ubuntu xenial amd64
W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg: Signature by
key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak digest algorithm (SHA1)
W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg: Signature by
key
@Mahmoud F.Elshazly (elshazly5) this bug is about the wording of a
message, not about specific repositories.
However, only one of the repositories is an Ubuntu repo, and that one is
for trusty not xenial, so it is not appropriate to be using it at all.
For the non-ubuntu repos you will have to
Ubuntu 16.04 after upgrading
in my terminal apt-get update answered:
W: http://www.scootersoftware.com/dists/bcompare4/Release.gpg: Signature by key
C9467A8216C570CDFBAC3AFD331D6DDE7F8840CE uses weak digest algorithm (SHA1)
W: http://download.videolan.org/pub/debian/stable/Release.gpg:
** Changed in: apt (Ubuntu)
Assignee: brad (bradmiller200593) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1558331
Title:
message "The repository is
in my terminal apt-get update answered:
W: http://archive.getdeb.net/ubuntu/dists/xenial-getdeb/InRelease:
Signature by key 1958A549614CE21CFC27F4BAA8A515F046D7E7CF uses weak
digest algorithm (SHA1)
W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg:
Signature by key
Gajim:
W: ftp://ftp.gajim.org/debian/dists/unstable/InRelease: Signature by key
95306A3F5430B830FE23ACEF838BC5151E5526DE uses weak digest algorithm
(SHA1)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
** Changed in: apt (Ubuntu)
Assignee: (unassigned) => brad (bradmiller200593)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1558331
Title:
message "The repository is
Same problem here with Google Chrome repository. I hope that Google
address it soon.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1558331
Title:
message "The repository is
Hello!! :)
I've installed Ubuntu 16.04, fresh install and I've this problem with
Chrome.
W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg:
Signature by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak
digest algorithm (SHA1)
Best regards!!
--
You received this bug
It is actually correct. Compare with comment #30. The message is
supposed to be worded this way.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1558331
Title:
message "The
In my case it's only the Virtualbox Repo
W:
http://download.virtualbox.org/virtualbox/debian/dists/xenial/InRelease:
Signature by key 7B0FAB3A13B907435925D9C954422A4B98AB5139 uses weak
digest algorithm (SHA1)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded
Ubuntu 16.04 LTS xenial beta amd64 (2016 0416) - i have only problem
with SHA1 while installing www.webmin.com
W:
http://webmin.mirror.somersettechsolutions.co.uk/repository/dists/sarge/Release.gpg:
Signature by key 1719003ACE3E5A41E2DE70DFD97A3AE911F63C51 uses weak digest
algorithm (SHA1)
W:
Injigo, Beta 2 indeed had this problem, but it's already been fixed in
more recent daily builds.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1558331
Title:
message "The
I'm getting this error in a live session of Ubuntu 16.04 Desktop Beta 2
amd64 when I run "sudo apt-get update". This is a fresh boot running
directly from an ISO booted from the hard drive. I've added no PPA's.
ubuntu@ubuntu:~$ sudo apt-get update
Ign:1 cdrom://Ubuntu 16.04 LTS _Xenial Xerus_ -
@Williamforte which one? Copy/paste the relevant section here from the
terminal.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1558331
Title:
message "The repository is
I get this same error on Ubuntu 16.04 Desktop Beta 2 amd64 when I run
`sudo apt-get update` in reference to one of the official Xenial repos.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
As per my most recent comment on bug 155, this is now fixed for all
xenial Release files in PPAs. Pre-xenial Release files are less
important numerically for this, but we know that some people have them
enabled on xenial systems, so we'll be re-signing those too over the
coming weeks.
--
Edd, if you read up through this bug log you'll see a reference to bug
155, which has status on getting this sorted out for PPAs. Please,
everyone, stop telling us about PPAs that are weakly signed; we know
about it, we're working on it, and further comments are not going to
make it happen
My system is fully updated, but still getting these errors.
Is there anyway that launchpad could please let the people responsible
for these repos to 'get their ffing finger out'?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed
Apologies, I misread your message.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1558331
Title:
message "The repository is insufficiently signed by key (weak
digest)" is
I did update my apt to 1.2.9 today and I'm still getting this warning
...
W:
http://ppa.launchpad.net/nijel/phpmyadmin/ubuntu/dists/xenial/InRelease:
Signature by key AD829E29A018BAF8C3842FB080E7349A06ED541C uses weak
digest algorithm (SHA1)
--
You received this bug notification because you are
Stop spamming and update your APT (including libapt-pkg5.0 !!!) to 1.2.8
or 1.2.9.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1558331
Title:
message "The repository is
This bug report was about a message string which has been fixed
since.
Still not fixed..!
W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_xorg-
edgers_ppa_ubuntu_dists_xenial_InRelease: The repository is
insufficiently signed by key 165D673674A995B3E64BF0CF4F191A5A8844C542
(weak digest)
W:
I've opened Bug #1562733 about failed updates due to "No Hash entry in
Release file ... which is considered strong enough for security
purposes"
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
But note that this is off-topic for this bug report. This bug report was
about a message string which has been fixed since.
So, please for all our sanity, stop commenting here.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to
JFTR, I am looking at ways to drop the missing hash entry to a warning
before the xenial release. But if I do this, this will be temporarily,
and will become an error again starting in January. It will also not
apply to the Nvidia repository, as MD5 is too weak to be trusted in any
case.
But
@Jen There is no workaround. The small number of affected repos should
be fixed instead. Even of the reported 20 cases in
https://wiki.debian.org/Teams/Apt/Sha1Removal, only 4/5 instances are
broken, the other 16 only emit a warning. Out of the Google
repositories, the only active ones are Chrome
@Krzysztof Kowalewski (krzysztofkow92) (Half-)Broken repositories are
tracked at
https://wiki.debian.org/Teams/Apt/Sha1Removal
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
OK, so maybe one repository is fixed now. What about the rest that we
need?
Is there a workaround for installing from a repo that doesn't use SHA256
yet?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
That makes no sense, Jen, the repository was fixed last week, see:
https://bugs.chromium.org/p/chromium/issues/detail?id=594414
$ curl -s http://dl.google.com/linux/chrome/deb/dists/stable/Release | egrep
'Date|SHA2'
Date: Thu, 24 Mar 2016 17:24:39 +
SHA256:
I know this because I use the
Julian, installing Chrome is blocked. The line starts with an "E:" so
it is an error! The message:
"No Hash entry in Release file
/var/lib/apt/lists/dl.google.com_linux_chrome_deb_dists_stable_Release,
which is considered strong enough for security purposes"
Is there a workaround? My users
@Jen: Just because some indexes failed to download does not mean that
Chrome failed to download. Please actually *read* the error messages.
Those saying "Failed to fetch" failed, the others did not.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages,
This update just came up now for Xenial:
Cambios para las versiones de apt:
Versión instalada: 1.2.7
Versión disponible: 1.2.8
Versión 1.2.8:
[ Michael Vogt ]
* Get accurate progress reporting in apt update again
[ Julian Andres Klode ]
* Report non-transient errors as errors, not as
> This doesn't block installing Chrome - it's just a warning.
Colin, it does block installing Chrome:
$ sudo apt-get update ; echo $?
...
E: Some index files failed to download. They have been ignored, or old ones
used instead.
100
--
You received this bug notification because you are a
W: http://ppa.launchpad.net/diesch/testing/ubuntu/dists/vivid/InRelease:
Signature by key E53B0E36210D2EDBFA94E8AB5AF549300FEB6DD9 uses weak digest
algorithm (SHA1)
W: http://repository.spotify.com/dists/stable/InRelease: Signature by key
BBEBDCB318AD50EC6865090613B00F1FD2C19886 uses weak
Which means that everything is working intended now.
Don't even complain about Nvidia, that was broken with 1.1 as well, it
only has MD5 checksums.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
@juliank:
This is still a problem, at least with some repos:
1. `apt-get update` returns a non-zero exit code and so automated scripts that
do `apt-get update && apt-get install ...` will fail to install the required
packages.
2. Even if we ignore the error, the index files are not being
Also removed the affects apt thing, as there is no bug in the Debian
BTS, and APT does not use Launchpad to track bugs.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1558331
Since APT 1.2.8, the message has been changed, and the "Hash Entry"
error message is now "E" instead of "W", so we can close that now.
1.2.9 in proposed also removes the misleading comma in the hash entry
message.
** Changed in: apt (Ubuntu)
Status: Confirmed => Fix Released
** No longer
Just for the record, with the Google Chrome and Talk repos it looks like
this now:
W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg: Signature by
key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak digest algorithm (SHA1)
N: Skipping acquire of configured file
On Sat, Mar 26, 2016 at 09:54:16PM -, Jen Wilson wrote:
> This should have been a warning for one release before making it a
> blocking issue. I know Ubuntu hates Google and doesn't want us to
> install Chrome, but many of us need it.
This doesn't block installing Chrome - it's just a
The same problem:
http://download.virtualbox.org/virtualbox/debian/dists/wily/InRelease:
Signature by key W:
http://download.virtualbox.org/virtualbox/debian/dists/wily/InRelease:
Signature by key 7B0FAB3A13B907435925D9C954422A4B98AB5139 uses weak digest
algorithm (SHA1)
W:
This should have been a warning for one release before making it a
blocking issue. I know Ubuntu hates Google and doesn't want us to
install Chrome, but many of us need it. Telling us what we are allowed
or not allowed to install is something Microsoft would do. These are
our computers. Please
** Also affects: apt
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1558331
Title:
message "The repository is insufficiently
Oops! forgot to include what I Googled on: "The repository is
insufficiently signed"
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1558331
Title:
message "The repository
I did a Google search on " " and found this old (2009) article from
Debian concerning the algorithm used for signing the package digest:
https://www.debian-administration.org/users/dkg/weblog/48
Is it applicable to this issue?
--
You received this bug notification because you are a member of
Turns out that the issue is not as bad as I thought it was. The error
message was due to a single repo and not all the repos showing warnings.
Removing it got rid of the error message in both the terminal and the
GUI updater. The affected repo was the Google Talk Plugin:
W: Failed to fetch
IMO, this verification and error message needs to be removed from Xenial before
it ships in April.
Right now, all major external repositories have not made the switch from SHA1,
not even PPAs hosted by Canonical itself.
The graphical updater shows a cryptic and unhelpful error message (Check
Cannot install Hipchat either
W: Failed to fetch https://atlassian.artifactoryonline.com/atlassian
/hipchat-apt-client/dists/xenial/Release No Hash entry in Release file
/var/lib/apt/lists/partial/atlassian.artifactoryonline
.com_atlassian_hipchat-apt-client_dists_xenial_Release, which is
Is there a way to force my system to accept these keys anyway? I'd much
prefer to be warned that this is using a less secure hash rather than
being blocked from accessing these repos.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is
Considering Debian doesn't allow new account creation on it's Wiki, I'll
just post it here so someone else can add it to their list:
RAVEfinity PPA
gpgv:/var/lib/apt/lists/ppa.launchpad.net_ravefinity-
project_ppa_ubuntu_dists_xenial_InRelease: The repository is
insufficiently signed by key
We had the intention (#818639) but forgot it then so only zh_CN was
fixed in 1.2.8 … I commited the comma-drop now [I would like to claim
that this comma makes perfect sense in German but even there it is a bit
strange].
--
You received this bug notification because you are a member of Ubuntu
On Thu, Mar 24, 2016 at 09:16:22PM -, Julian Andres Klode wrote:
> E: Failed to fetch http://example.com/InRelease No Hash entry in Release
> file /var/lib/apt/lists/partial/example.com_InRelease, which is
> considered strong enough for security purposes
Could you please drop that comma while
After a lot of further input, the text was changed in APT 1.2.8 to read:
W: http://example.com/InRelease: Signature by key
0123456789ABCDEF0123456789ABCDEF01234567 uses weak digest algorithm
(SHA1)
The other message:
W: Failed to fetch http://example.com/InRelease No Hash entry in Release
file
You do not need to do anything if you have your own PPA. Furthermore,
people do not need to keep reporting individual PPAs that are signed
with weak digests. We'll fix them in bulk, hopefully quite soon (still
working on the last bits of code for that).
--
You received this bug notification
If I have my own ppa, do I need to do anything? It's not 100% clear in
this thread.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1558331
Title:
message "The repository is
I tried that already with no luck.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1558331
Title:
message "The repository is insufficiently signed by key (weak
digest)" is
Re-add the PPAs.
On Wed, Mar 23, 2016 at 9:15 PM, Flávio Oliveira
wrote:
> All PPAs I have, on the site launchpad says are compatible with Ubuntu
> 16.04
>
> W:
> gpgv:/var/lib/apt/lists/dl.google.com_linux_chrome_deb_dists_stable_Release.gpg:
> The repository is
All PPAs I have, on the site launchpad says are compatible with Ubuntu
16.04
W:
gpgv:/var/lib/apt/lists/dl.google.com_linux_chrome_deb_dists_stable_Release.gpg:
The repository is insufficiently signed by key
4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 (weak digest)
W:
Yes, see my most recent comment in bug 155 for the current state of
things with regard to ppa.launchpad.net.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1558331
Title:
Hi,
I'm just uploaded new gegl and gimp packages. to my PPA -
ppa:otto-kesselgulasch/gimp-edge new gegl and gimp packages.
After building I don't had no trouble anymore with apt-get update and apt-get
upgrade.
I added
"personal-digest-preferences SHA256
cert-digest-algo SHA256
Estoy presentando el mismo inconveniente con estas ppa
W:
gpgv:/var/lib/apt/lists/ppa.launchpad.net_atareao_telegram_ubuntu_dists_xenial_InRelease:
The repository is insufficiently signed by key
A3D8A366869FE2DC5FFD79C36A9653F936FD5529 (weak digest)
W:
Many repositories are affected:
As already reported, Google's repos and:
AppGrid
W:
gpgv:/var/lib/apt/lists/ppa.launchpad.net_appgrid_stable_ubuntu_dists_xenial_InRelease:
The repository is insufficiently signed by key
F9A8B020F741A5B52B888A88241FE6973B765FAE (weak digest)
Intel Graphics
W:
I dont think this is a bug. The wording says what the issue is. The Key
used is only sha1 which is considered too weak. The ones using that old
Keys should fix their repos and make proper signing.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages,
Same here:
W:
gpgv:/var/lib/apt/lists/download.virtualbox.org_virtualbox_debian_dists_wily_InRelease:
The repository is insufficiently signed by key
7B0FAB3A13B907435925D9C954422A4B98AB5139 (weak digest)
W:
gpgv:/var/lib/apt/lists/ppa.launchpad.net_cdemu_ppa_ubuntu_dists_xenial_InRelease:
The
Same bug here:
W:
gpgv:/var/lib/apt/lists/ppa.launchpad.net_gnumdk_lollypop_ubuntu_dists_xenial_InRelease:
The repository is insufficiently signed by key
8FAD14A04A8E87F23FB5653BDBA501177AA84500 (weak digest)
W: gpgv:/var/lib/apt/lists/repository.spotify.com_dists_stable_InRelease: The
** Changed in: apt (Ubuntu)
Assignee: trebor271074 (trebor271074) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1558331
Title:
message "The repository
** Changed in: apt (Ubuntu)
Assignee: (unassigned) => trebor271074 (trebor271074)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1558331
Title:
message "The repository
I can confirm that I've been seeing this the past couple of days too:
W:
gpgv:/var/lib/apt/lists/ppa.launchpad.net_noobslab_themes_ubuntu_dists_xenial_InRelease:
The repository is insufficiently signed by key
4FA44A478284A18C1BA4A9CAD530E028F59EAE4D (weak digest)
W:
Ironically, I tried to install some debug symbols today and also got
these messages:
W:
gpgv:/var/lib/apt/lists/partial/ddebs.ubuntu.com_dists_xenial_Release.gpg:
The repository is insufficiently signed by key
2512191FEF8729D6E5AF414DECDCAD72428D7C01 (weak digest)
--
You received this bug
For further information on the topic, take a look at the upstream wiki
page tracking broken repositories and explaining the two levels of
brokenness:
https://wiki.debian.org/Teams/Apt/Sha1Removal
Feel free to add other repositories there.
@heiko: The PPAs are pending, but WRT Google Earth:
** Summary changed:
- After upgrading to apt 1.2.7 in Xenial, PPAs and most other third-party
repositories become unusable with "The repository is insufficiently signed by
key (weak digest)"
+ message "The repository is insufficiently signed by key (weak digest)" is
poorly worded
--
You
Confirming the bug here, I have the following on my machine:
W:
gpgv:/var/lib/apt/lists/ppa.launchpad.net_git-core_ppa_ubuntu_dists_xenial_InRelease:
The repository is insufficiently signed by key
E1DD270288B4E6030699E45FA1715D88E1DF1F24 (weak digest)
W:
Confirming the bug here, I have the following on my server -
W:
gpgv:/var/lib/apt/lists/download.virtualbox.org_virtualbox_debian_dists_vivid_InRelease:
The repository is insufficiently signed by key
7B0FAB3A13B907435925D9C954422A4B98AB5139 (weak digest)
W:
** Changed in: apt (Ubuntu)
Importance: Undecided => High
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1558331
Title:
message "The repository is insufficiently signed by
90 matches
Mail list logo