apt update gives:
W: http://software.virtualmin.com/gpl/ubuntu/dists/virtualmin-universal/Release.gpg: Signature by key 31D2B18872EAF68EFB81F81DE8DD3FA0A0BDBCF9 uses weak digest algorithm (SHA1)
2 threads 4 years ago were already notifying this:
already reported this.
Now, Ubuntu aptitude and apt update issue warnings about those weak certificates. And apticron sends me a mail per server every day about this.
Any chances to put that pending item a bit up in the pile ? (could not reply to old auto-closed topics, so creating a new one).
Thanks for the heads up.
@Joe Is there an easy way to fix that?
You’re using old repos. I can’t change the signing key on the old repos. It’d be a breaking change for all old installs.
/vm/6 repos (which have been around for several years) use a newer algorithm.
Thank you Joe!
That was the solution! (suggestion: would be nice if the old repo could have a deprecation message with instructions to upgrade to new one).
For other readers, here is what I did to upgrade the Virtualmin GPL installs to new repo:
curl -L https://software.virtualmin.com/lib/RPM-GPG-KEY-virtualmin-6 | apt-key add -
deb http://software.virtualmin.com/gpl/ubuntu/ virtualmin-xenial main
deb http://software.virtualmin.com/gpl/ubuntu/ virtualmin-universal main
deb http://software.virtualmin.com/vm/6/gpl/apt virtualmin-xenial main
deb http://software.virtualmin.com/vm/6/gpl/apt virtualmin-universal main
This topic was automatically closed 4 days after the last reply. New replies are no longer allowed.