You have been subscribed to a public bug:
We are currently removing support for SHA1 in APT, which I think is
reasonably with xenial being supported until 2021. In the process, I
noticed that the InRelease files generated by launchpad uses SHA1
digests for the GPG signature. Please change that to SHA512 or SHA256
soon.
We might not start considering SHA1 as weak for the purpose of the GPG
signatures yet, because that might break the hole world (various 3rd
parties seem affected), but if we don't now, we might start doing that
in a stable release update.
** Affects: ubuntu
Importance: High
Assignee: Colin Watson (cjwatson)
Status: Fix Committed
** Tags: qa-ok
--
PPA (In)Release files use SHA1 digests for GPG signature
https://bugs.launchpad.net/bugs/1556666
You received this bug notification because you are a member of Ubuntu Bugs,
which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
