Apt warning
gregorydk opened this issue ยท 8 comments
After every apt-get update, following warning:
W: gpgv:/var/lib/apt/lists/www.a9f.eu_apt_atom_debian_dists_jessie_InRelease: The repository is insufficiently signed by key A1D267C030C00DCB877900ED939C61C5D1270819 (weak digest)
Probably because you use SHA1 or weak digest algorithms.
Thanks for your report. You're probably right, but I need to discover how to enable sha256 in aptly. I'll investigate.
I confirm the commit that enables sha256 has been committed only very recently in aptly:
I employ stable releases. As soon as a stable release is produced, the repos will be sha256 signed. I'll update this ticket then.
Just chiming in, that these warnings are enabled by default in Ubuntu Xenial.
So it would probably be most practical for end-users if this update would be available at the moment Xenial will be released.
Hello, there was no release from aptly yet. I'll try opening a ticket and see if they do one.
I have updated my aptly instance. The only issue is, redeploying an already deployed snapshot is a bit messy.
Since it's only a warning, I'd just wait for the next Atom release; then the repository will be sha256-signed.
I'll keep this open until such time.
Hello,
Atom 1.7.2 has been released. I've tried installing it on a Xenial docker container and succeeded with no warning. Could you confirm everything is currently right?
Yes, no more warnings :-)
๐