Submitted by just_me on Tue, 09/27/2016 - 01:41
When running apt-get update under Ubuntu 16.04 i get the error message:
W: http://software.virtualmin.com/gpl/ubuntu/dists/virtualmin-xenial/Release.gpg: Signature by key 31D2B18872EAF68EFB81F81DE8DD3FA0A0BDBCF9 uses weak digest algorithm (SHA1)
W: http://software.virtualmin.com/gpl/ubuntu/dists/virtualmin-universal/Release.gpg: Signature by key 31D2B18872EAF68EFB81F81DE8DD3FA0A0BDBCF9 uses weak digest algorithm (SHA1)
and therefore the repos from virtualmin are ignored:
Ign:10 http://software.virtualmin.com/gpl/ubuntu virtualmin-xenial InRelease
Ign:11 http://software.virtualmin.com/gpl/ubuntu virtualmin-universal InRelease
Can you please recreate a key, which is acceptable for Ubuntu 16.04 and Debian 8.5 running apt 1.2.7 or higher?
Thank you Best
Status:
Active
Comments
Submitted by andreychek on Tue, 09/27/2016 - 07:38 Comment #1
Howdy -- hmm, we were aware of it generating that warning previously. At the time it was purely a warning though, not a requirement.
However it now appears that it may be requiring SHA256.
We'll look deeper into that.
Submitted by just_me on Tue, 09/27/2016 - 11:09 Comment #2
This has been introduced in Debian 8.5 and Ubuntu 16.04 with apt 1.2.7, so it is a must have, unfortunately. Perhaps you can add Ubuntu 16.04 and Debian 8.5 to the list of OSes, for creating issues?
Thanks and best
PS: What about a HowTo Section? I would like to have a howto for setting up ssl/tls connections for dovecot and postfix running on ports 993 and 587 ... ;-)
Submitted by andreychek on Tue, 09/27/2016 - 16:12 Comment #3
We're working on this now, we'll hopefully have it sorted out soon. Thanks for the heads up!
Submitted by just_me on Mon, 10/03/2016 - 05:12 Comment #4
Any news on this?
Submitted by andreychek on Mon, 10/03/2016 - 09:02 Comment #5
Joe has recently pushed out an update that should actually correct this problem. Can you try running "apt-get update" and see if that resolves the issue you're seeing?