Release.gpg: Signature by key 62797E5BC0F3A65DCFB2F94D121EE1B7A6A36662 uses weak digest algorithm (SHA1)"

Thomas Hackert via KDE Bugzilla Sat, 02 Apr 2016 03:04:52 -0700

https://bugs.kde.org/show_bug.cgi?id=361308


            Bug ID: 361308
           Summary: "apt-get update" warning "W:
                    http://download.opensuse.org/repositories/home:/jkt-ge
                    ntoo:/trojita/Debian_8.0/Release.gpg: Signature by key
                    62797E5BC0F3A65DCFB2F94D121EE1B7A6A36662 uses weak
                    digest algorithm (SHA1)"
           Product: trojita
           Version: git
          Platform: Debian testing
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: Other
          Assignee: trojita-b...@kde.org
          Reporter: thack...@nexgo.de

Hello @ll,
not sure, if I have chosen the right component and such. If I did any mistake,
feel free to change it accordingly :)

Now to my problem:

When I am trying to update my package list, I get the warning
<quote>
W:
http://download.opensuse.org/repositories/home:/jkt-gentoo:/trojita/Debian_8.0/Release.gpg:
Signature by key 62797E5BC0F3A65DCFB2F94D121EE1B7A6A36662 uses weak digest
algorithm (SHA1)
</quote>
every time ... :( Searching the web for "apt-get" and "weak digest algorithm"
leads me to https://juliank.wordpress.com/ and
https://wiki.debian.org/Teams/Apt/Sha1Removal. A further research revealed that
most of my additional repositories have this problem. Now I want to ask you to
regenerate a new key for your Debian (and other distributions as well) package,
please. I also found https://www.debian-administration.org/users/dkg/weblog/48,
but as a non developer I am not sure, if it is doable at all ... :(
Sorry for the inconvenience and have a nice day
Thomas


Reproducible: Always

Steps to Reproduce:
1. Follow the instructions on
https://software.opensuse.org/download.html?project=home:jkt-gentoo:trojita&package=trojita-nightly
to add the repository and its key to apt.
2. Start "apt-get update"

Actual Results:  
You will get a warning
<quote>
W:
http://download.opensuse.org/repositories/home:/jkt-gentoo:/trojita/Debian_8.0/Release.gpg:
Signature by key 62797E5BC0F3A65DCFB2F94D121EE1B7A6A36662 uses weak digest
algorithm (SHA1)
</quote>

Expected Results:  
"apt-get update" does not warn about the "weak digest algorithm"

Operating system: Debian Testing AMD64
Trojita: 0.5.git.1458329333.12e4110

-- 
You are receiving this mail because:
You are watching all bug changes.

[trojita] [Bug 361308] New: "apt-get update" warning "W: http://download.opensuse.org/repositories/home:/jkt-gentoo:/trojita/Debian_8.0/Release.gpg: Signature by key 62797E5BC0F3A65DCFB2F94D121EE1B7A6A36662 uses weak digest algorithm (SHA1)"

Reply via email to