[jitsi-users] download.jitsi.org weak digest algorithm


#1

Hi,

I have download.jitsi.org in my apt/sources.list, and every time I run
apt update, I get the warning

   W: http://download.jitsi.org/deb/unstable/Release.gpg: Signature by key 040F57608F84BAF1BF844A62C697D823EB0AB654 uses weak digest algorithm (SHA1)

Just wanted to let you know ...

Cheers,
  Andreas.


#2

Hi,

we have a new repo, we just haven't changed the pages and haven't
pushed a new stable jitsi version there. It's only currently used for
the unstable branch, and it uses bigger key with stronger digest.

Thanks for the report
damencho

···

On Sun, Jul 17, 2016 at 4:11 PM, Andreas Hilboll <andreas-h@posteo.de> wrote:

Hi,

I have download.jitsi.org in my apt/sources.list, and every time I run
apt update, I get the warning

   W: http://download.jitsi.org/deb/unstable/Release.gpg: Signature by key 040F57608F84BAF1BF844A62C697D823EB0AB654 uses weak digest algorithm (SHA1)

Just wanted to let you know ...

Cheers,
  Andreas.

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#3

Hi Damencho,

sorry, I didn't fully get your mail. Could you clarify on this?

Is there a stable repo, apart from unstable and nightly? Is
http://download.jitsi.org/deb/unstable/ not supposed to be used any
more? Where can we find the new repo?

Thank in advance,

René

···

Am 18.07.2016 um 15:00 schrieb Damian Minkov:

Hi,

we have a new repo, we just haven't changed the pages and haven't
pushed a new stable jitsi version there. It's only currently used for
the unstable branch, and it uses bigger key with stronger digest.

Thanks for the report
damencho

On Sun, Jul 17, 2016 at 4:11 PM, Andreas Hilboll <andreas-h@posteo.de> wrote:

Hi,

I have download.jitsi.org in my apt/sources.list, and every time I run
apt update, I get the warning

   W: http://download.jitsi.org/deb/unstable/Release.gpg: Signature by key 040F57608F84BAF1BF844A62C697D823EB0AB654 uses weak digest algorithm (SHA1)

Just wanted to let you know ...

Cheers,
  Andreas.

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

--
René Herlitz
@reneneee

T +49 - 30 - 577 057 622
F +49 - 30 - 577 057 629
M +49 - 177 - 452 45 45
Skype: reneray

Office hours:
Mon 09:30 - 17:30 CET
Tue 15:30 - 17:30 CET
Wed/Thu/Fri 09:30 - 15:30 CET

Konnektiv
Wilhelmine-Gemberg-Weg 14
10179 Berlin

http://konnektiv.de/


#4

Hi René,

Till now we had these debian repos:
Stable: "deb http://download.jitsi.org/deb/ unstable/"
Nightly: "deb http://download.jitsi.org/nightly/deb unstable/"

Now we are in transition to the following:
Unstable: "deb https://download.jitsi.org unstable/"
Stable: "deb https://download.jitsi.org stable/"
Testing: "deb https://download.jitsi.org testing/"

We haven't fully switched to the new stable (editing all web pages and
links) cause there is no jitsi desktop client pushed there, but we
will do it soon.

About your question, if you want to use a stable repo for jitsi-meet
go and use "deb https://download.jitsi.org stable/". If you want a
stable repo for the jitsi desktop client, use "deb
http://download.jitsi.org/deb/ unstable/".
Yep, all old repos had the word "unstable" in the links which is a bit
confusing.

Regards
damencho

···

On Mon, Jul 18, 2016 at 12:38 PM, René Herlitz <rene@konnektiv.de> wrote:

Hi Damencho,

sorry, I didn't fully get your mail. Could you clarify on this?

Is there a stable repo, apart from unstable and nightly? Is
http://download.jitsi.org/deb/unstable/ not supposed to be used any
more? Where can we find the new repo?

Thank in advance,

René

Am 18.07.2016 um 15:00 schrieb Damian Minkov:

Hi,

we have a new repo, we just haven't changed the pages and haven't
pushed a new stable jitsi version there. It's only currently used for
the unstable branch, and it uses bigger key with stronger digest.

Thanks for the report
damencho

On Sun, Jul 17, 2016 at 4:11 PM, Andreas Hilboll <andreas-h@posteo.de> wrote:

Hi,

I have download.jitsi.org in my apt/sources.list, and every time I run
apt update, I get the warning

   W: http://download.jitsi.org/deb/unstable/Release.gpg: Signature by key 040F57608F84BAF1BF844A62C697D823EB0AB654 uses weak digest algorithm (SHA1)

Just wanted to let you know ...

Cheers,
  Andreas.

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

--
René Herlitz
@reneneee

T +49 - 30 - 577 057 622
F +49 - 30 - 577 057 629
M +49 - 177 - 452 45 45
Skype: reneray

Office hours:
Mon 09:30 - 17:30 CET
Tue 15:30 - 17:30 CET
Wed/Thu/Fri 09:30 - 15:30 CET

Konnektiv
Wilhelmine-Gemberg-Weg 14
10179 Berlin

http://konnektiv.de/

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users