Debian Repository - Signature by key 2C…99 uses weak digest algorithm (SHA1)

vsespb / mt-aws-glacier

Perl Multithreaded Multipart sync to Amazon Glacier

http://mt-aws.com/

GNU General Public License v3.0

536 stars 57 forks source link

Debian Repository - Signature by key 2C…99 uses weak digest algorithm (SHA1) #117

Open vsespb opened 8 years ago

vsespb commented 8 years ago

@ChrisChiappa from twitter reports:

@mtglacier Can the debian repos be updated? W: dl.mt-aws.com/debian/current…: Signature by key 2C…99 uses weak digest algorithm (SHA1)

not sure how to reproduce. Tried Debian 8 (adding key, apt-get update), and no warning.

CChiappa commented 8 years ago

I'm on Debian unstable. It looks like deprecation of SHA-1 is a somewhat new apt change: https://juliank.wordpress.com/2016/03/14/dropping-sha-1-support-in-apt/

vsespb commented 8 years ago

Thanks! I need to think what to do

johanneskloos commented 6 years ago

The issue is still standing: The problem is the that InRelease file (at least) uses a SHA-1 hash by default, which modern APT does not like. I suppose you need to update your repository administration tools.

johanneskloos commented 6 years ago

See https://wiki.debian.org/Teams/Apt/Sha1Removal for dealing with this.