Ubuntu
apt package

  1. Bug #1558331
  2. Comment #4

Comment 4 for bug 1558331

Revision history for this message
Michael Marley (mamarley) wrote : Re: After upgrading to apt 1.2.7 in Xenial, PPAs and most other third-party repositories become unusable with "The repository is insufficiently signed by key (weak digest)"

Hmm, it looks like the combination of the warnings and errors may be especially confusing. I have several PPAs and the Google Chrome repository on my system. The PPAs have the packages themselves signed with SHA256, but the GPG key is only SHA1. These repositories should work, but display an error message after an "aptitude update". The packages in the Chrome repository are signed only with SHA1, so those won't work at all, producing an error message. However, Synaptic displays all the warnings and errors together and says that it is an Error, which tricked me into thinking that none of the repositories would work.

Obviously, the PPAs need to be updated to use a stronger key. I can't see any way to do this manually though.