Ubuntu hasn't re-signed its old-releases repos to SHA-256?
In Xenial, Ubuntu decided to deprecate the use of SHA-1 hashes in APT.
https:/
This change came with the impressive and well considered transition strategy of completely disallowing users to bypass the new check that sees any SHA-1 hashed repo not loaded.
So my question is: Why has Ubuntu itself not re-signed all of their repos to SHA-256?
http://
I'm trying to re-construct an environment from years ago (Edgy to be precise) and all I'm getting is "The repository is insufficiently signed by key (weak digest)" error messages with no way to avoid them but to go back to the dark ages and manually download a .DEB, install it and manually resolve dependencies.
Get it together.
Andrew
Question information
- Language:
- English Edit question
- Status:
- Answered
- For:
- Ubuntu Edit question
- Assignee:
- No assignee Edit question
- Last query:
- Last reply:
Can you help with this problem?
Provide an answer of your own, or ask Andrew for more information if necessary.