Weak signaturekey
-
Hello there you are using an weak signaturekey with sha1. Please fix this to an more secure level of encryption keep security in mind.
-
This is known and will be changed to SHA256 (as i remember).
But SHA1 for signing may be used currently for Linux distries.
I dont get any problems with Debian 8 and Ubuntu 14 LTS.
-
This is known and will be changed to SHA256 (as i remember).
But SHA1 for signing may be used currently for Linux distries.
I dont get any problems with Debian 8 and Ubuntu 14 LTS.The lastest version of "apt" is causing the flags https://juliank.wordpress.com/2016/03/15/clarifications-and-updates-on-apt-sha1/
(APT 1.2.7)
-
From https://vivaldi.net/de/forum/vivaldi-browser-for-linux/9022
APT 1.2.7 warning at release files signed with signatures using SHA1.
W: gpgv:/var/lib/apt/lists/repo.vivaldi.com_snapshot_deb_dists_stable_Release.gpg: The repository is insufficiently signed by key ED18652D86E25D422EA7CE132CC26F777B8B44A1 (weak digest)
Blog post from APT-Maintainer Julian Andres Klode
https://juliank.wordpress.com/2016/03/15/clarifications-and-updates-on-apt-sha1/or German article
http://www.pro-linux.de/news/1/23358/debian-und-ubuntu-vertrauen-sha1-nicht-mehr.htmlWe will have to update our repositories to meet the new signature requirements coming in Ubuntu 16.04. In the meantime the warning can be ignored since Vivaldi will install normally and update until this is fixed. I have the same warning for many repositories/PPAs right now. But the time 16.04 is release I would assume this is taken care of so that the warnings will disappear.
//Christian - Vivaldi Technologies
-
Not sure if it's just my computer - I recently installed vivaldi-stable 1.6 and apt-get update still complains
W: Skipping acquire of configured file 'main/binary-amd64/Packages' as repository 'http://repo.vivaldi.com/stable/deb stable InRelease' provides only weak security information for it W: Skipping acquire of configured file 'main/binary-i386/Packages' as repository 'http://repo.vivaldi.com/stable/deb stable InRelease' provides only weak security information for it
Seems @christian comment is merely a supposition.