SULDR Forums Supported Printers Printing Questions Scanning Questions General Questions Samsung Installer

Author Topic: apt-get no longer works on bchemnet: weak signature  (Read 1146 times)

jdg

  • Testing the water
  • **
  • Posts: 1
    • View Profile
  • Linux Distribution: Debian
  • Printer: Samsung
apt-get no longer works on bchemnet: weak signature
« on: April 03, 2016, 04:07:01 AM »
The APT software in Debian unstable/testing has now been updated to reject weak digest algorithms, most notably SHA1.  The following warning is given, which will soon become an error, and prevent the package from being downloaded or installed:

W: http://www.bchemnet.com/suldr/dists/debian/InRelease: Signature by key 52C1D92CE6FC35F636B045C3C95104E509BAC46D uses weak digest algorithm (SHA1)

The Debian wiki says:

"Repository owners should make sure their release files and Packages files contain SHA256 or SHA512 fields. If they have Sources files, those should contain Checksums-Sha256. ... [The above warning] means the GPG signature on the Release file was made with SHA1 as the hash (= digest) algorithm."

Please could you upgrade your release file so that the repository continues to work?

Thanks!

bchemnet

  • Administrator
  • *****
  • Posts: 484
    • View Profile
  • Linux Distribution: Debian Testing
  • Printer: none
Re: apt-get no longer works on bchemnet: weak signature
« Reply #1 on: April 03, 2016, 03:31:03 PM »
Creating a proper package to maintain the key has been on my to-do list for a while, and will address this problem.

I will move it up in priority and get to it soon (maybe a week, maybe a month).

bchemnet

  • Administrator
  • *****
  • Posts: 484
    • View Profile
  • Linux Distribution: Debian Testing
  • Printer: none
Re: apt-get no longer works on bchemnet: weak signature
« Reply #2 on: May 14, 2016, 10:49:25 PM »
This is fixed.  The repository is now signed by the old and new key with appropriate hash.  The old key will be dropped in a few months once the new key is installed on users' systems via the new keyring package.

 

Repository Information Legal Contact Alternative Drivers