[jitsi-dev] [Security] Jitsi .deb repository uses SHA1 signatures


#1

Hi,

This is already resolved, we created new repos (stable is still not
switched cause of the desktop client). You should use those:
https://jitsi.org/Main/DebianNightlyRepository
It is: deb https://download.jitsi.org unstable/
If using jitsi-meet you can also use the new stable repo: deb
https://download.jitsi.org stable/

Regards
damencho

···

On Thu, Nov 17, 2016 at 5:19 AM, Frederic Mohr <frederic.mohr@gmail.com> wrote:

Hi,

I noticed the following warning when updating via apt-get and wondered if
this is going to be resolved in the near future?

$ sudo apt-get update
Ign:1 http://download.jitsi.org/deb unstable/ InRelease
[...]
Hit:7 http://download.jitsi.org/deb unstable/ Release
[...]
Fetched 94.5 kB in 0s (146 kB/s)
Reading package lists... Done
W: http://download.jitsi.org/deb/unstable/Release.gpg: Signature by key
040F57608F84BAF1BF844A62C697D823EB0AB654 uses weak digest algorithm (SHA1)
Reading package lists... Done
[...]

Cheers,
Frederic

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev