W: repo XY uses weak digest algorithm (SHA1)

I am quite concerned about security and so I don’t like messages like this :

 W: http://download.opensuse.org/repositories/home:/p_conrad:/coins/xUbuntu_16.04/Release.gpg: Signature by key C39B1D488C8856171C1F6CB329D8C8DAC4447CF3 uses weak digest algorithm (SHA1) 

And that’s another thing - I want to contact the author of that repo but there was no contact info (no email) It’d be nice to force users when creating repo to add email (mandatory field/ parameter…) and verify if it’s working - cause of the situations like that.
Thanks Rob

On Fri 26 Aug 2016 09:06:01 AM CDT, roberto68 wrote:

I am quite concerned about security and so I don’t like messages like
this :
W:
http://download.opensuse.org/repositories/home:/p_conrad:/coins/xUbuntu_16.04/Release.gpg:
Signature by key C39B1D488C8856171C1F6CB329D8C8DAC4447CF3 uses weak
digest algorithm (SHA1) And that’s another thing - I want to
contact the author of that repo but there was no contact info (no email)
It’d be nice to force users when creating repo to add email (mandatory
field/ parameter…) and verify if it’s working - cause of the
situations like that.
Thanks Rob

Hi
It’s there, just need to be logged into OBS…

conrad(one dash)novell{and a dot}com{aaaaat)quisquis{dot}de


Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
openSUSE Leap 42.1|GNOME 3.16.2|4.1.27-27-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!