[Touch-packages] [Bug 1562733] Re: apt signature requierements prevent updates from some repositories

Mon, 28 Mar 2016 02:21:01 -0700 

This is fixed in my bugfix/sha1-deprecated branch:

 https://github.com/julian-
klode/apt/compare/master...bugfix/sha1-deprecated

I spent half my night working on it. David also has a more involved
branch fixing this as well and further generalizing stuff, but I think
we should go with a less intrusive solution for now.

I know that it's somewhat unclear that the repository owner is
responsible, but I don't really feel like adding another message for
that, as I want to get the messages translated now, and I'm not sure
it's possible in a sensible way. It also helps people think about what
repositories they use and remove unneeded ones, like Google's talkplugin
if they use Chrome.

** Changed in: apt (Ubuntu)
       Status: New => In Progress

** Changed in: apt (Ubuntu)
     Assignee: (unassigned) => Julian Andres Klode (juliank)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1562733

Title:
  apt signature requierements prevent updates from some repositories

Status in apt package in Ubuntu:
  In Progress

Bug description:
  Since xenial updated the requirements for the strength of PGP
  signatures of packages, packages from some repositories are no longer
  updated. Apt-get update reports these errors:

  E: Failed to fetch http://[...]/Release  No Hash entry in Release file 
/var/lib/apt/lists/partial/[...] which is considered strong enough for security 
purposes
  E: Some index files failed to download. They have been ignored, or old ones 
used instead.

  While the motivation for the change is valid, the result is a
  potential security problem, as the new versions of the packages that
  may fix recently discovered vulnerabilities are not automatically
  installed.

  One less important but unfortunate effect is a scary message that is
  displayed to the user, without clear explanation that the problem
  needs to be addressed by the repository owner.

  Related: Bug #1558331

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1562733/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to