IMO, this verification and error message needs to be removed from Xenial before it ships in April. Right now, all major external repositories have not made the switch from SHA1, not even PPAs hosted by Canonical itself.
The graphical updater shows a cryptic and unhelpful error message (Check your Internet connection.) because of this and I cannot imagine the amount of confusion that will ensue following Xenial's release if this is not reverted. I've seen *very frequently* people come at LUGs totally confused and thinking their Ubuntu install is broken because of very similar issues. I personally have an external repository hosted on openSUSE Build Service which is unusable right now on Xenial because of this. I had to find out about the upgrade from SHA1 to SHA2 as a regular user and not as a repository maintainer, and even if I wanted to do something about it, I can't because it's openSUSE's responsibility to do it. The exact same thing is true for everyone using PPAs on Launchpad. A bunch of warnings should not result in an error (E: Some index files failed to download. They have been ignored, or old ones used instead.) and it should totally NOT tell non technical users to "Check their Internet connection"! SHA1 was OK for a good number of years amd all of a sudden, it becomes so insecure that it should break user's installs? While it is perfectly valid to switch to the superior, more secure SHA2, this migration should NOT be done in such a brutal way, at the expense of normal users and without any kind of notification to external package maintainers. If SHA1 isn't accepted alongside SHA2 without any repercussions for normal users for at least the next couple years, the result *will be disastrous*. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558331 Title: message "The repository is insufficiently signed by key (weak digest)" is poorly worded To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
