More > JRiver Media Center 21 for Linux

The repository is insufficiently signed by key (weak digest)

(1/2) > >>

Awesome Donkey:
Adding the GPG key and repository in Ubuntu 16.04 and updating the package list results in an error...


--- Code: ---W: gpgv:/var/lib/apt/lists/dist.jriver.com_latest_mediacenter_dists_jessie_InRelease: The repository is insufficiently signed by key AFCABAC2C6F16C0E1F2D9707C30B25C6077765D5 (weak digest)
--- End code ---

https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331
https://wiki.debian.org/Teams/Apt/Sha1Removal

This is likely because of the depreciation of SHA-1 and the GPG key appears to only be SHA-1 and it'll require SHA-256. I'm not sure if the packages are SHA-1 signed or not, if they are they'll need to be SHA-256 signed too. It was bound to happen sooner or later. Even Google's Chrome repository is half-broken right now because of this.

Manually updating via dpkg still works, but right now the repository is half-broken on Ubuntu 16.04 because of this.

geier22:
I got the same error in Debian stretch:

--- Code: ---W: gpgv:/var/lib/apt/lists/dist.jriver.com_latest_mediacenter_dists_jessie_InRelease: The repository is insufficiently signed by key AFCABAC2C6F16C0E1F2D9707C30B25C6077765D5 (weak digest)

--- End code ---

bob:
Sigh.

Awesome Donkey:

--- Quote from: bob on March 31, 2016, 04:58:40 pm ---Sigh.
--- End quote ---

That's exactly what I thought the response to be. ;)

It's a bummer though that they're starting to enforce it.

Hendrik:

--- Quote from: Awesome Donkey on March 31, 2016, 05:12:48 pm ---It's a bummer though that they're starting to enforce it.

--- End quote ---

Did it even warn before, or did it really go from nothing to broken?

Navigation

[0] Message Index

[#] Next page

Go to full version