[Bug 1558331] Re: After upgrading to apt 1.2.7 in Xenial, PPAs and most other third-party repositories become unusable with "The repository is insufficiently signed by key (weak digest)"

google chrome repositories is one of the other. It looks like SHA1 signing keys has been deprecated : https://juliank.wordpress.com/2016/03/15/clarifications-and-updates-on- apt-sha1/ Please at least add SHA2 in PPAs. -- You received this bug notification because you are a member of Ubuntu

[Bug 1558331] Re: After upgrading to apt 1.2.7 in Xenial, PPAs and most other third-party repositories become unusable with "The repository is insufficiently signed by key (weak digest)"

I have 6 external repos configured, and all 6 fire the warning. If nothing else, the warning really needs to be re-worded. "insufficiently signed" and then (weak digest) at the end is not very straight forward. W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_js-reynaud_kicad-

[Bug 1558331] Re: After upgrading to apt 1.2.7 in Xenial, PPAs and most other third-party repositories become unusable with "The repository is insufficiently signed by key (weak digest)"

Can someone please set this bug to the highest reasonable importance? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: After upgrading to apt 1.2.7 in Xenial, PPAs and most other third-

[Bug 1558331] Re: After upgrading to apt 1.2.7 in Xenial, PPAs and most other third-party repositories become unusable with "The repository is insufficiently signed by key (weak digest)"

@Michael i've activated your 'staging' ppa , and i confirm the pachage (plasma) is not loaded as it should (synaptic used) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: After

[Bug 1558331] Re: After upgrading to apt 1.2.7 in Xenial, PPAs and most other third-party repositories become unusable with "The repository is insufficiently signed by key (weak digest)"

No, the PPAs don't need new keys - we just need to upgrade the digest algorithm used for signing. See the bug of which I've just marked this as a duplicate. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1558331] Re: After upgrading to apt 1.2.7 in Xenial, PPAs and most other third-party repositories become unusable with "The repository is insufficiently signed by key (weak digest)"

I'm having the same issue with the google talk plugin, remmina, shutter, and variety: W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_peterlevi_ppa_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key 876E675CB1AABA3494F27BA6C45A53C1A546BE4F (weak digest) W:

[Bug 1558331] Re: After upgrading to apt 1.2.7 in Xenial, PPAs and most other third-party repositories become unusable with "The repository is insufficiently signed by key (weak digest)"

@ Michael i've not tried your ppas, but canonical-x one, and the upgraded packages can be loaded as expected, even if the error is shown (as explained into #3 link). On your side, to upgrade your ppas, i suppose you need to: 1) purge the actual key(s), 2) build new one(s) with sha2 to please the

[Bug 1558331] Re: After upgrading to apt 1.2.7 in Xenial, PPAs and most other third-party repositories become unusable with "The repository is insufficiently signed by key (weak digest)"

Actually, I guess this may not be a duplicate because there may be other third-party repositories that need to do similar things (signing with --digest-algo SHA512 or the equivalent). But see bug 155 for the PPA case. -- You received this bug notification because you are a member of Ubuntu

[Bug 1558331] Re: After upgrading to apt 1.2.7 in Xenial, PPAs and most other third-party repositories become unusable with "The repository is insufficiently signed by key (weak digest)"

I know that the PPAs need new keys, but it is not obvious how to do that. After extensive searching, I still cannot figure out how to do that. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331

[Bug 1558331] Re: After upgrading to apt 1.2.7 in Xenial, PPAs and most other third-party repositories become unusable with "The repository is insufficiently signed by key (weak digest)"

Hmm, it looks like the combination of the warnings and errors may be especially confusing. I have several PPAs and the Google Chrome repository on my system. The PPAs have the packages themselves signed with SHA256, but the GPG key is only SHA1. These repositories should work, but display an

[Bug 1558331] Re: After upgrading to apt 1.2.7 in Xenial, PPAs and most other third-party repositories become unusable with "The repository is insufficiently signed by key (weak digest)"

Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: apt (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: After

[Bug 1558331] Re: After upgrading to apt 1.2.7 in Xenial, PPAs and most other third-party repositories become unusable with "The repository is insufficiently signed by key (weak digest)"

Explanations about the 1.2.7 changelog: https://juliank.wordpress.com/2016/03/15/clarifications-and-updates-on- apt-sha1/ Indeed that message is now uselessly worrying users. Please silence that "104 warning message"; it will only scared the community. ** Tags added: xenial -- You received