After a lot of further input, the text was changed in APT 1.2.8 to read: W: http://example.com/InRelease: Signature by key 0123456789ABCDEF0123456789ABCDEF01234567 uses weak digest algorithm (SHA1)
The other message: W: Failed to fetch http://example.com/InRelease No Hash entry in Release file /var/lib/apt/lists/partial/example.com_InRelease, which is considered strong enough for security purposes now has an E in front of it: E: Failed to fetch http://example.com/InRelease No Hash entry in Release file /var/lib/apt/lists/partial/example.com_InRelease, which is considered strong enough for security purposes This should hopefully clarify things and be less annoying. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
