[X2Go-Dev] Repository signing uses weak digest algorithm (SHA1)
Mihai Moldovan
ionic at ionic.de
Sat Jul 16 09:49:04 CEST 2016
On 08.07.2016 11:40 AM, Mike Gabriel wrote:
> Control: close -1
>
> On Di 26 Apr 2016 14:12:45 CEST, Christian Kreidl wrote:
>
>> Package: packages.x2go.org
>>
>> Hi!
>>
>> Repository signing with SHA1 is deprecated in testing:
>>
>> http://packages.x2go.org/debian/dists/stretch/InRelease: Signature by key
>> 972FD88FA0BAFB578D0476DFE1F958385BFE2B6E uses weak digest algorithm (SHA1)
>>
>> Please update your configuration to use SHA256:
>> https://wiki.debian.org/SettingUpSignedAptRepositoryWithReprepro#Generating_GnuPG_keys
>>
>> Thanks!
>
> Done. Actually, digest-algo is now SHA512.
Are you sure that this is fixed? Don't we need to regenerate the keys or at
least re-sign all (*.deb?) packages?
Mihai
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 884 bytes
Desc: OpenPGP digital signature
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20160716/86e57c0a/attachment.pgp>
More information about the x2go-dev
mailing list