ddebs.ubuntu.com gpg signatures use sha-1
Bug #1558823 reported by
Seth Arnold
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ddeb-retriever |
Fix Released
|
Medium
|
Martin Pitt |
Bug Description
The package archives at ddebs.ubuntu.com are signed with signatures based on SHA-1:
wget http://
gpg --list-packets < Release.gpg | grep digest
digest algo 2, begin of digest 5e a9
Algorithm 2 is SHA-1: https:/
The main archives use algo 10, which is SHA-512.
Please update the xenial and newer ddebs to use the newer signature algorithm.
Thanks
Related branches
Changed in ubuntu: | |
assignee: | nobody → Martin Pitt (pitti) |
To post a comment you must log in.
Thank you for taking the time to report this bug and helping to make Ubuntu better. It seems that your bug report is not filed about a specific source package though, rather it is just filed against Ubuntu in general. It is important that bug reports be filed about source packages so that people interested in the package can find the bugs about it. You can find some hints about determining what package your bug might be about at https:/ /wiki.ubuntu. com/Bugs/ FindRightPackag e. You might also ask for help in the #ubuntu-bugs irc channel on Freenode.
To change the source package that this bug is filed about visit https:/ /bugs.launchpad .net/ubuntu/ +bug/1558823/ +editstatus and add the package name in the text box next to the word Package.
[This is an automated message. I apologize if it reached you inappropriately; please just reply to this message indicating so.]