[Bug 1558331] Re: After upgrading to apt 1.2.7 in Xenial, PPAs and most other third-party repositories become unusable with "The repository is insufficiently signed by key (weak digest)"
Michael Marley
michael at michaelmarley.com
Thu Mar 17 10:24:22 UTC 2016
Hmm, it looks like the combination of the warnings and errors may be
especially confusing. I have several PPAs and the Google Chrome
repository on my system. The PPAs have the packages themselves signed
with SHA256, but the GPG key is only SHA1. These repositories should
work, but display an error message after an "aptitude update". The
packages in the Chrome repository are signed only with SHA1, so those
won't work at all, producing an error message. However, Synaptic
displays all the warnings and errors together and says that it is an
Error, which tricked me into thinking that none of the repositories
would work.
Obviously, the PPAs need to be updated to use a stronger key. I can't
see any way to do this manually though.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1558331
Title:
After upgrading to apt 1.2.7 in Xenial, PPAs and most other third-
party repositories become unusable with "The repository is
insufficiently signed by key (weak digest)"
Status in apt package in Ubuntu:
Confirmed
Bug description:
The title pretty much says it all.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331/+subscriptions
More information about the foundations-bugs
mailing list