Bug#818405: apt: Google Chrome repository unusable because of weak digest
Control: notfound -1 1.2.9
Control: close -1
Don't be rude: Don't play hidden bts control message games.
On Mon, Mar 28, 2016 at 09:38:03AM +1300, Ben Caradoc-Davies wrote:
> The Google repos still use a weak digest:
>
> W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg: Signature
> by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak digest algorithm
> (SHA1)
> W: http://dl.google.com/linux/talkplugin/deb/dists/stable/Release.gpg:
> Signature by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak digest
> algorithm (SHA1)
> E: Failed to fetch
> http://dl.google.com/linux/talkplugin/deb/dists/stable/Release No Hash
> entry in Release file /var/lib/apt/lists/partial/dl.google.com_linux_talkplugin_deb_dists_stable_Release
> which is considered strong enough for security purposes
> E: Some index files failed to download. They have been ignored, or old ones
> used instead.
Just remove the freaking talkplugin thing. It
(a) makes no sense at all to have that if you use Chrome
(b) it's dead, aka not maintained anymore
The other thing is a *warning* and does not cause any trouble at all. Heck,
most frontends even ignore it. Please read
https://wiki.debian.org/Teams/Apt/Sha1Removal
Thank you.
>
> Is there any apt command-line flag or preference or sources list option to
> re-enable SHA1 digests for these repos or globally? Setting [trusted=yes]
> for each of these repos in the sources list did not change the behaviour of
> apt.
No there is not currently. There might be something later on.
--
Debian Developer - deb.li/jak | jak-linux.org - free software dev
When replying, only quote what is necessary, and write each reply
directly below the part(s) it pertains to (`inline'). Thank you.
Reply to: