Hello!
Since some days I get the following error, when I try to update the system:
W: gpgv:/var/lib/apt/lists/sparkylinux.org_repo_dists_testing_InRelease: The repository is insufficiently signed by key 9F5CDA37669C216973D771F61CE63BD7D117204E (weak digest)
W: gpgv:/var/lib/apt/lists/deb.playonlinux.com_dists_squeeze_InRelease: The repository is insufficiently signed by key 74F7358425EEB6176094C884E0F72778C4676186 (weak digest)
W: gpgv:/var/lib/apt/lists/dl.google.com_linux_chrome_deb_dists_stable_Release.gpg: The repository is insufficiently signed by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 (weak digest)
N: Skipping acquire of configured file 'main/binary-i386/Packages' as repository 'http://dl.google.com/linux/chrome/deb stable InRelease' doesn't support architecture 'i386'
W: gpgv:/var/lib/apt/lists/APT.spideroak.com_ubuntu-spideroak-hardy_dists_release_Release.gpg: The repository is insufficiently signed by key FE45E5330B11DCF03247EF49A6FF22FF08C15DD0 (weak digest)
W: gpgv:/var/lib/apt/lists/partial/dl.google.com_linux_earth_deb_dists_stable_Release.gpg: The repository is insufficiently signed by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 (weak digest)
W: gpgv:/var/lib/apt/lists/linux.dropbox.com_debian_dists_sid_Release.gpg: The repository is insufficiently signed by key 1C61A2656FB57B7E4DE0F4C1FC918B335044912E (weak digest)
W: Failed to fetch http://dl.google.com/linux/earth/deb/dists/stable/Release No Hash entry in Release file /var/lib/apt/lists/dl.google.com_linux_earth_deb_dists_stable_Release, which is considered strong enough for security purposes
W: Failed to fetch http://APT.spideroak.com/ubuntu-spideroak-hardy/dists/release/Release No Hash entry in Release file /var/lib/apt/lists/APT.spideroak.com_ubuntu-spideroak-hardy_dists_release_Release, which is considered strong enough for security purposes
What is wrong?
regards
thomas
I thought about posting this from Debian Planet a few days ago. It might be
https://blog.ganneff.de/2016/03/removing-checksums.html
https://juliank.wordpress.com/2016/03/14/dropping-sha-1-support-in-apt/
I have not fired up sparky, had to go sit with someone at hospital (I got paid).
peace out,
Edit added
https://juliank.wordpress.com/2016/03/15/clarifications-and-updates-on-apt-sha1/
I got similar "weak digest" messages from synaptic today with respect to the repos of sparky, vivaldi and linuxmint.
The update/upgrade process still works as before but apt (starting with version 1.2.7) now triggers a warning if a repository still uses a key with SHA1 because SHA1 is no longer considered trustworthy.
This is not something we (the users) can change. It has to be done by the repositories' maintainers.
Thank you for the information.
regards
thomas
It's alredy fixed.
Thanks @ pavroo.
You are quicker than vivaldi or linuxmint ;)