repository uses weak digest algorithm (SHA1)
Hi,
I have a weird signature issue with an LMDE Mint repository. I know that this is not pure debian but nevertheless I think my question is best posted here.
The issue is: I have 4 PC and 1 laptop at home. All running LMDE2. When I do "apt-get update" the PCs have no issue. But the laptop says:
# last 2 lines of "apt-get update" output
W: http://linux-mint.froonix.org/dists/betsy/Release.gpg: Signature by key E1A38B8F144675D060EA666F3EE67F3D0FF405B2 uses weak digest algorithm (SHA1)
W: http://extra.linuxmint.com/dists/betsy/Release.gpg: Signature by key E1A38B8F144675D060EA666F3EE67F3D0FF405B2 uses weak digest algorithm (SHA1)
##
I reinstalled all keyring debs on the laptop.
I am using the exact same sources on the laptop and the PCs (rsync of /etc/apt/sources.list*). During the last test I even rsync'ed all /etc/apt/trusted* to the laptop.
I tried to fetch it via apt-key:
##
# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E1A38B8F144675D060EA666F3EE67F3D0FF405B2
Executing: /tmp/tmp.9xZlldxhO9/gpg.1.sh --keyserver
keyserver.ubuntu.com
--recv-keys
E1A38B8F144675D060EA666F3EE67F3D0FF405B2
gpg: requesting key 0FF405B2 from hkp server keyserver.ubuntu.com
gpg: key 0FF405B2: "Clement Lefebvre (Linux Mint Package Repository v1) <root@linuxmint.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
##
But the laptop keeps throwing these signature warnings - and only the laptop. Why is that?
Thank you for your help.
Matthias
Reply to: