[trojita] [Bug 361308] "apt-get update" warning "W: http://download.opensuse.org/repositories/home:/jkt-gentoo:/trojita/Debian_8.0/Release.gpg: Signature by key 62797E5BC0F3A65DCFB2F94D121EE1B7A6A36662 uses weak digest algorithm (SHA1)"

Sat, 02 Apr 2016 10:10:15 -0700 

https://bugs.kde.org/show_bug.cgi?id=361308

Jan Kundrát <j...@kde.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |UPSTREAM

--- Comment #1 from Jan Kundrát <j...@kde.org> ---
Yeah, we are aware of this. Unfortunately, this is not about a key strength or
a key algorithm (we've already regenerated the key). It's about a hard-coded
constant in the OpenSuSE's Open Build Service's signing component which
specifies that the package signatures should use SHA1 as the hashing algorithm.

I've opened a bugreport at https://github.com/openSUSE/obs-sign/issues/5 .
Please note that the OBS is a hosted service and we cannot do anything to
change it.

-- 
You are receiving this mail because:
You are watching all bug changes.

Reply via email to