[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Don't change the assignment on a (fixed) issue please, yon. ** Changed in: apt (Ubuntu) Assignee: yon (thornyon) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu.

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

** Changed in: apt (Ubuntu) Assignee: (unassigned) => yon (thornyon) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

See also https://github.com/rabbitmq/rabbitmq-server/issues/906 ** Bug watch added: github.com/rabbitmq/rabbitmq-server/issues #906 https://github.com/rabbitmq/rabbitmq-server/issues/906 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Also W: http://repo.mongodb.org/apt/ubuntu/dists/xenial/mongodb-org/3.2/Release.gpg: Signature by key 42F3E95A2C4F08279C4960ADD68FA50FEA312927 uses weak digest algorithm (SHA1) W: http://liveusb.info/multisystem/depot/dists/all/Release.gpg: Signature by key

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

@angel-granados-j This bug is about the wording of the error message, not the fact that the error may appear. For how to avoid it I suggest you ask elsewhere, the ubuntu-users email list for example. -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

I have a owncloud 9 with Ubuntu 16.04. Today has started this error when I try to do apt-get update. I have my own local repo and am getting this error for it whenever I try to do apt-get update. I even recently updated the key I use to sign it to RSA/RSA 2048/2048 and also add the two lines in

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

It seems that MongoDB is also broken due to this https://jira.mongodb.org/browse/SERVER-23397 Workarounds? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title:

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

I have also same problem with Google Earth http://dl.google.com/linux/earth/deb/dists/stable/Release.gpg: Signature by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak digest algorithm (SHA1)Failed to fetch http://dl.google.com/linux/earth/deb/dists/stable/Release No Hash entry in Release

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Sorry for the noise due to my previous comment #86. It is unrelated to this bug and it was because I was not generating the appropriate SHA256 lines in the Release file. Sorry again. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

I have my own local repo and am getting this error for it whenever I try to do apt-get update. I even recently updated the key I use to sign it to RSA/RSA 2048/2048 and also add the two lines in ~/.gnupg/gpg.conf: cert-digest-algo SHA256 digest-algo SHA256 as recommended at

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Thanks, I see the problem now. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

@Dirk That's a completely different error type. Your release file only contains an MD5Sum field. Look at the broken repositories section in https://wiki.debian.org/Teams/Apt/Sha1Removal -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

** Attachment added: "Archive containing Release, Release.gpg and the public key that should authenticate them" https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+attachment/4674400/+files/example.tgz -- You received this bug notification because you are a member of Ubuntu Touch

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

I switched to signing my repository with SHA512 encoded 4096 bit key. I still get the same error (No Hash entry in Release file ... which is considered strong enough ...). This is on Xubuntu Xenial 16.04 (amd64), apt version 1.2.10ubuntu1. I checked with apt-key, and the public version of the

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

@varlesh the information you provided is incomplete. Please tell the developers why exactly you think that the information is incorrectly worded, or what the correct wording is. Otherwise the input you provided might be missed. This message seems to be consistent for all repositories that are

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

apt - 1.2.10ubuntu1 ubuntu xenial amd64 W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg: Signature by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak digest algorithm (SHA1) W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg: Signature by key

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

@Mahmoud F.Elshazly (elshazly5) this bug is about the wording of a message, not about specific repositories. However, only one of the repositories is an Ubuntu repo, and that one is for trusty not xenial, so it is not appropriate to be using it at all. For the non-ubuntu repos you will have to

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Ubuntu 16.04 after upgrading in my terminal apt-get update answered: W: http://www.scootersoftware.com/dists/bcompare4/Release.gpg: Signature by key C9467A8216C570CDFBAC3AFD331D6DDE7F8840CE uses weak digest algorithm (SHA1) W: http://download.videolan.org/pub/debian/stable/Release.gpg:

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

** Changed in: apt (Ubuntu) Assignee: brad (bradmiller200593) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

in my terminal apt-get update answered: W: http://archive.getdeb.net/ubuntu/dists/xenial-getdeb/InRelease: Signature by key 1958A549614CE21CFC27F4BAA8A515F046D7E7CF uses weak digest algorithm (SHA1) W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg: Signature by key

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Gajim: W: ftp://ftp.gajim.org/debian/dists/unstable/InRelease: Signature by key 95306A3F5430B830FE23ACEF838BC5151E5526DE uses weak digest algorithm (SHA1) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu.

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

** Changed in: apt (Ubuntu) Assignee: (unassigned) => brad (bradmiller200593) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Same problem here with Google Chrome repository. I hope that Google address it soon. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Hello!! :) I've installed Ubuntu 16.04, fresh install and I've this problem with Chrome. W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg: Signature by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak digest algorithm (SHA1) Best regards!! -- You received this bug

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

It is actually correct. Compare with comment #30. The message is supposed to be worded this way. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

In my case it's only the Virtualbox Repo W: http://download.virtualbox.org/virtualbox/debian/dists/xenial/InRelease: Signature by key 7B0FAB3A13B907435925D9C954422A4B98AB5139 uses weak digest algorithm (SHA1) -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Ubuntu 16.04 LTS xenial beta amd64 (2016 0416) - i have only problem with SHA1 while installing www.webmin.com W: http://webmin.mirror.somersettechsolutions.co.uk/repository/dists/sarge/Release.gpg: Signature by key 1719003ACE3E5A41E2DE70DFD97A3AE911F63C51 uses weak digest algorithm (SHA1) W:

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Injigo, Beta 2 indeed had this problem, but it's already been fixed in more recent daily builds. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

I'm getting this error in a live session of Ubuntu 16.04 Desktop Beta 2 amd64 when I run "sudo apt-get update". This is a fresh boot running directly from an ISO booted from the hard drive. I've added no PPA's. ubuntu@ubuntu:~$ sudo apt-get update Ign:1 cdrom://Ubuntu 16.04 LTS _Xenial Xerus_ -

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

@Williamforte which one? Copy/paste the relevant section here from the terminal. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

I get this same error on Ubuntu 16.04 Desktop Beta 2 amd64 when I run `sudo apt-get update` in reference to one of the official Xenial repos. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu.

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

As per my most recent comment on bug 155, this is now fixed for all xenial Release files in PPAs. Pre-xenial Release files are less important numerically for this, but we know that some people have them enabled on xenial systems, so we'll be re-signing those too over the coming weeks. --

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Edd, if you read up through this bug log you'll see a reference to bug 155, which has status on getting this sorted out for PPAs. Please, everyone, stop telling us about PPAs that are weakly signed; we know about it, we're working on it, and further comments are not going to make it happen

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

My system is fully updated, but still getting these errors. Is there anyway that launchpad could please let the people responsible for these repos to 'get their ffing finger out'? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Apologies, I misread your message. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

I did update my apt to 1.2.9 today and I'm still getting this warning ... W: http://ppa.launchpad.net/nijel/phpmyadmin/ubuntu/dists/xenial/InRelease: Signature by key AD829E29A018BAF8C3842FB080E7349A06ED541C uses weak digest algorithm (SHA1) -- You received this bug notification because you are

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Stop spamming and update your APT (including libapt-pkg5.0 !!!) to 1.2.8 or 1.2.9. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

This bug report was about a message string which has been fixed since. Still not fixed..! W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_xorg- edgers_ppa_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 165D673674A995B3E64BF0CF4F191A5A8844C542 (weak digest) W:

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

I've opened Bug #1562733 about failed updates due to "No Hash entry in Release file ... which is considered strong enough for security purposes" -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu.

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

But note that this is off-topic for this bug report. This bug report was about a message string which has been fixed since. So, please for all our sanity, stop commenting here. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

JFTR, I am looking at ways to drop the missing hash entry to a warning before the xenial release. But if I do this, this will be temporarily, and will become an error again starting in January. It will also not apply to the Nvidia repository, as MD5 is too weak to be trusted in any case. But

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

@Jen There is no workaround. The small number of affected repos should be fixed instead. Even of the reported 20 cases in https://wiki.debian.org/Teams/Apt/Sha1Removal, only 4/5 instances are broken, the other 16 only emit a warning. Out of the Google repositories, the only active ones are Chrome

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

@Krzysztof Kowalewski (krzysztofkow92) (Half-)Broken repositories are tracked at https://wiki.debian.org/Teams/Apt/Sha1Removal -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu.

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

OK, so maybe one repository is fixed now. What about the rest that we need? Is there a workaround for installing from a repo that doesn't use SHA256 yet? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu.

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

That makes no sense, Jen, the repository was fixed last week, see: https://bugs.chromium.org/p/chromium/issues/detail?id=594414 $ curl -s http://dl.google.com/linux/chrome/deb/dists/stable/Release | egrep 'Date|SHA2' Date: Thu, 24 Mar 2016 17:24:39 + SHA256: I know this because I use the

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Julian, installing Chrome is blocked. The line starts with an "E:" so it is an error! The message: "No Hash entry in Release file /var/lib/apt/lists/dl.google.com_linux_chrome_deb_dists_stable_Release, which is considered strong enough for security purposes" Is there a workaround? My users

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

@Jen: Just because some indexes failed to download does not mean that Chrome failed to download. Please actually *read* the error messages. Those saying "Failed to fetch" failed, the others did not. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages,

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

This update just came up now for Xenial: Cambios para las versiones de apt: Versión instalada: 1.2.7 Versión disponible: 1.2.8 Versión 1.2.8: [ Michael Vogt ] * Get accurate progress reporting in apt update again [ Julian Andres Klode ] * Report non-transient errors as errors, not as

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

> This doesn't block installing Chrome - it's just a warning. Colin, it does block installing Chrome: $ sudo apt-get update ; echo $? ... E: Some index files failed to download. They have been ignored, or old ones used instead. 100 -- You received this bug notification because you are a

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

W: http://ppa.launchpad.net/diesch/testing/ubuntu/dists/vivid/InRelease: Signature by key E53B0E36210D2EDBFA94E8AB5AF549300FEB6DD9 uses weak digest algorithm (SHA1) W: http://repository.spotify.com/dists/stable/InRelease: Signature by key BBEBDCB318AD50EC6865090613B00F1FD2C19886 uses weak

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Which means that everything is working intended now. Don't even complain about Nvidia, that was broken with 1.1 as well, it only has MD5 checksums. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu.

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

@juliank: This is still a problem, at least with some repos: 1. `apt-get update` returns a non-zero exit code and so automated scripts that do `apt-get update && apt-get install ...` will fail to install the required packages. 2. Even if we ignore the error, the index files are not being

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Also removed the affects apt thing, as there is no bug in the Debian BTS, and APT does not use Launchpad to track bugs. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1558331

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Since APT 1.2.8, the message has been changed, and the "Hash Entry" error message is now "E" instead of "W", so we can close that now. 1.2.9 in proposed also removes the misleading comma in the hash entry message. ** Changed in: apt (Ubuntu) Status: Confirmed => Fix Released ** No longer

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Just for the record, with the Google Chrome and Talk repos it looks like this now: W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg: Signature by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak digest algorithm (SHA1) N: Skipping acquire of configured file

Re: [Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

On Sat, Mar 26, 2016 at 09:54:16PM -, Jen Wilson wrote: > This should have been a warning for one release before making it a > blocking issue. I know Ubuntu hates Google and doesn't want us to > install Chrome, but many of us need it. This doesn't block installing Chrome - it's just a

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

The same problem: http://download.virtualbox.org/virtualbox/debian/dists/wily/InRelease: Signature by key W: http://download.virtualbox.org/virtualbox/debian/dists/wily/InRelease: Signature by key 7B0FAB3A13B907435925D9C954422A4B98AB5139 uses weak digest algorithm (SHA1) W:

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

This should have been a warning for one release before making it a blocking issue. I know Ubuntu hates Google and doesn't want us to install Chrome, but many of us need it. Telling us what we are allowed or not allowed to install is something Microsoft would do. These are our computers. Please

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

** Also affects: apt Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Oops! forgot to include what I Googled on: "The repository is insufficiently signed" -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

I did a Google search on " " and found this old (2009) article from Debian concerning the algorithm used for signing the package digest: https://www.debian-administration.org/users/dkg/weblog/48 Is it applicable to this issue? -- You received this bug notification because you are a member of

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Turns out that the issue is not as bad as I thought it was. The error message was due to a single repo and not all the repos showing warnings. Removing it got rid of the error message in both the terminal and the GUI updater. The affected repo was the Google Talk Plugin: W: Failed to fetch

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

IMO, this verification and error message needs to be removed from Xenial before it ships in April. Right now, all major external repositories have not made the switch from SHA1, not even PPAs hosted by Canonical itself. The graphical updater shows a cryptic and unhelpful error message (Check

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Cannot install Hipchat either W: Failed to fetch https://atlassian.artifactoryonline.com/atlassian /hipchat-apt-client/dists/xenial/Release No Hash entry in Release file /var/lib/apt/lists/partial/atlassian.artifactoryonline .com_atlassian_hipchat-apt-client_dists_xenial_Release, which is

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Is there a way to force my system to accept these keys anyway? I'd much prefer to be warned that this is using a less secure hash rather than being blocked from accessing these repos. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Considering Debian doesn't allow new account creation on it's Wiki, I'll just post it here so someone else can add it to their list: RAVEfinity PPA gpgv:/var/lib/apt/lists/ppa.launchpad.net_ravefinity- project_ppa_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

We had the intention (#818639) but forgot it then so only zh_CN was fixed in 1.2.8 … I commited the comma-drop now [I would like to claim that this comma makes perfect sense in German but even there it is a bit strange]. -- You received this bug notification because you are a member of Ubuntu

Re: [Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

On Thu, Mar 24, 2016 at 09:16:22PM -, Julian Andres Klode wrote: > E: Failed to fetch http://example.com/InRelease No Hash entry in Release > file /var/lib/apt/lists/partial/example.com_InRelease, which is > considered strong enough for security purposes Could you please drop that comma while

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

After a lot of further input, the text was changed in APT 1.2.8 to read: W: http://example.com/InRelease: Signature by key 0123456789ABCDEF0123456789ABCDEF01234567 uses weak digest algorithm (SHA1) The other message: W: Failed to fetch http://example.com/InRelease No Hash entry in Release file

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

You do not need to do anything if you have your own PPA. Furthermore, people do not need to keep reporting individual PPAs that are signed with weak digests. We'll fix them in bulk, hopefully quite soon (still working on the last bits of code for that). -- You received this bug notification

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

If I have my own ppa, do I need to do anything? It's not 100% clear in this thread. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

I tried that already with no luck. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is

Re: [Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Re-add the PPAs. On Wed, Mar 23, 2016 at 9:15 PM, Flávio Oliveira wrote: > All PPAs I have, on the site launchpad says are compatible with Ubuntu > 16.04 > > W: > gpgv:/var/lib/apt/lists/dl.google.com_linux_chrome_deb_dists_stable_Release.gpg: > The repository is

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

All PPAs I have, on the site launchpad says are compatible with Ubuntu 16.04 W: gpgv:/var/lib/apt/lists/dl.google.com_linux_chrome_deb_dists_stable_Release.gpg: The repository is insufficiently signed by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 (weak digest) W:

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Yes, see my most recent comment in bug 155 for the current state of things with regard to ppa.launchpad.net. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title:

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Hi, I'm just uploaded new gegl and gimp packages. to my PPA - ppa:otto-kesselgulasch/gimp-edge new gegl and gimp packages. After building I don't had no trouble anymore with apt-get update and apt-get upgrade. I added "personal-digest-preferences SHA256 cert-digest-algo SHA256

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Estoy presentando el mismo inconveniente con estas ppa W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_atareao_telegram_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key A3D8A366869FE2DC5FFD79C36A9653F936FD5529 (weak digest) W:

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Many repositories are affected: As already reported, Google's repos and: AppGrid W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_appgrid_stable_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key F9A8B020F741A5B52B888A88241FE6973B765FAE (weak digest) Intel Graphics W:

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

I dont think this is a bug. The wording says what the issue is. The Key used is only sha1 which is considered too weak. The ones using that old Keys should fix their repos and make proper signing. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages,

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Same here: W: gpgv:/var/lib/apt/lists/download.virtualbox.org_virtualbox_debian_dists_wily_InRelease: The repository is insufficiently signed by key 7B0FAB3A13B907435925D9C954422A4B98AB5139 (weak digest) W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_cdemu_ppa_ubuntu_dists_xenial_InRelease: The

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Same bug here: W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_gnumdk_lollypop_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 8FAD14A04A8E87F23FB5653BDBA501177AA84500 (weak digest) W: gpgv:/var/lib/apt/lists/repository.spotify.com_dists_stable_InRelease: The

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

** Changed in: apt (Ubuntu) Assignee: trebor271074 (trebor271074) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

** Changed in: apt (Ubuntu) Assignee: (unassigned) => trebor271074 (trebor271074) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

I can confirm that I've been seeing this the past couple of days too: W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_noobslab_themes_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 4FA44A478284A18C1BA4A9CAD530E028F59EAE4D (weak digest) W:

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Ironically, I tried to install some debug symbols today and also got these messages: W: gpgv:/var/lib/apt/lists/partial/ddebs.ubuntu.com_dists_xenial_Release.gpg: The repository is insufficiently signed by key 2512191FEF8729D6E5AF414DECDCAD72428D7C01 (weak digest) -- You received this bug

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

For further information on the topic, take a look at the upstream wiki page tracking broken repositories and explaining the two levels of brokenness: https://wiki.debian.org/Teams/Apt/Sha1Removal Feel free to add other repositories there. @heiko: The PPAs are pending, but WRT Google Earth:

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

** Summary changed: - After upgrading to apt 1.2.7 in Xenial, PPAs and most other third-party repositories become unusable with "The repository is insufficiently signed by key (weak digest)" + message "The repository is insufficiently signed by key (weak digest)" is poorly worded -- You

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Confirming the bug here, I have the following on my machine: W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_git-core_ppa_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key E1DD270288B4E6030699E45FA1715D88E1DF1F24 (weak digest) W:

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

Confirming the bug here, I have the following on my server - W: gpgv:/var/lib/apt/lists/download.virtualbox.org_virtualbox_debian_dists_vivid_InRelease: The repository is insufficiently signed by key 7B0FAB3A13B907435925D9C954422A4B98AB5139 (weak digest) W:

[Touch-packages] [Bug 1558331] Re: message "The repository is insufficiently signed by key (weak digest)" is poorly worded

** Changed in: apt (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by