apt update warning - Signature uses weak digest algorithm (SHA1)

**Aaron** · 24-Jun-2016, 09:58 AM

Yes, this is something we'll need to implement, as the security standards are strengthened over the next year for various key signing of installers. It's on our to do list to tackle this before the SHA1 standard expires.

**Dave_L** · 29-Jun-2016, 09:53 AM

Is this really a security issue? I don't see how someone could exploit this.

**Aaron** · 29-Jun-2016, 10:41 AM

Someone could theoretically create an alternate installer that looks like it is signed properly using SHA1. There's a security consensus to move to alternate signing methods, which we are implementing. The Windows installer already incorporates both signing methods (as older versions of Windows don't support newer methods), but we'll be shifting over entirely to a newer standard soon during a transition period, as well as update our Linux and OSX signing methods.

**Dave_L** · 29-Jun-2016, 01:59 PM

Thanks, Aaron.

apt update warning - Signature uses weak digest algorithm (SHA1)

apt update warning - Signature uses weak digest algorithm (SHA1)

Comment

Comment

Comment

Comment