Key too weak for Ubuntu 16.04

When running apt-get update under Ubuntu 16.04 i get the error message:

W: http://software.virtualmin.com/gpl/ubuntu/dists/virtualmin-xenial/Release.gpg: Signature by key 31D2B18872EAF68EFB81F81DE8DD3FA0A0BDBCF9 uses weak digest algorithm (SHA1)
W: http://software.virtualmin.com/gpl/ubuntu/dists/virtualmin-universal/Release.gpg: Signature by key 31D2B18872EAF68EFB81F81DE8DD3FA0A0BDBCF9 uses weak digest algorithm (SHA1)

and therefore the repos from virtualmin are ignored:

Ign:10 http://software.virtualmin.com/gpl/ubuntu virtualmin-xenial InRelease
Ign:11 http://software.virtualmin.com/gpl/ubuntu virtualmin-universal InRelease

Can you please recreate a key, which is acceptable for Ubuntu 16.04 and Debian 8.5 running apt 1.2.7 or higher?

Thank you Best

Status: 
Active

Comments

Howdy -- hmm, we were aware of it generating that warning previously. At the time it was purely a warning though, not a requirement.

However it now appears that it may be requiring SHA256.

We'll look deeper into that.

This has been introduced in Debian 8.5 and Ubuntu 16.04 with apt 1.2.7, so it is a must have, unfortunately. Perhaps you can add Ubuntu 16.04 and Debian 8.5 to the list of OSes, for creating issues?

Thanks and best

PS: What about a HowTo Section? I would like to have a howto for setting up ssl/tls connections for dovecot and postfix running on ports 993 and 587 ... ;-)

We're working on this now, we'll hopefully have it sorted out soon. Thanks for the heads up!

Joe has recently pushed out an update that should actually correct this problem. Can you try running "apt-get update" and see if that resolves the issue you're seeing?