'apt-get update' complains about a weak digest (SHA1) #239
Comments
takenek
changed the title
|
@takenek I get this on my servers too, however it is because the zabbix repo uses a SHA1 key and isn't directly related to this module. This should be brought to the zabbix devs attention. |
|
Thanks for information do You know where i can report this? |
|
Thanks i go there report this. Best Regards |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Recently debian updated the apt* tools to warn about repositories using SHA1. You should update your gpg settings to use a newer hash function (see e.g. https://askubuntu.com/questions/750133/how-can-i-fix-w-the-repository-is-insufficiently-signed-by-the-key, and https://wiki.debian.org/Teams/Apt/Sha1Removal) so that the zabbix installation will work with future debian stable systems.
Steps to reproduce
deb http://repo.zabbix.com/zabbix/3.0/debian jessie main
deb-src http://repo.zabbix.com/zabbix/3.0/debian jessie main
Expected behaviour
apt-get should download the files from the repository without complaining
Actual behaviour
apt-get gives a warning:
W: http://repo.zabbix.com/zabbix/3.0/debian/dists/jessie/InRelease: Signature by key FBABD5FB20255ECAB22EE194D13D58E479EA5ED4 uses weak digest algorithm (SHA1)
The text was updated successfully, but these errors were encountered: