Bug#818405: apt: Google Chrome repository unusable because of weak digest
The Google repos still use a weak digest:
W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg:
Signature by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak
digest algorithm (SHA1)
W: http://dl.google.com/linux/talkplugin/deb/dists/stable/Release.gpg:
Signature by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak
digest algorithm (SHA1)
E: Failed to fetch
http://dl.google.com/linux/talkplugin/deb/dists/stable/Release No Hash
entry in Release file
/var/lib/apt/lists/partial/dl.google.com_linux_talkplugin_deb_dists_stable_Release
which is considered strong enough for security purposes
E: Some index files failed to download. They have been ignored, or old
ones used instead.
Is there any apt command-line flag or preference or sources list option
to re-enable SHA1 digests for these repos or globally? Setting
[trusted=yes] for each of these repos in the sources list did not change
the behaviour of apt.
Kind regards,
--
Ben Caradoc-Davies <ben@transient.nz>
Director
Transient Software Limited <http://transient.nz/>
New Zealand
Reply to: