Hi Matthias, I had a similar problem with my repository in stretch testing/unstable earlier this year. I had to change the reprepro (a repository manager) configuration to explicitly sign the repository and the release file. The key didn't need to be changed.
I've then searched for a way to make apt-get ignore or silent the warning with some setting in /etc/apt/apt.conf.d/ but I have found nothing. Maybe someone else knows how. The only way to make the warning disappear was to update reprepro configuration as I did in my repository. I guess you'll have to report this to Linux Mint team. Em 04/08/2016 21:56, "Matthias Bodenbinder" <matth...@bodenbinder.de> escreveu: > > Hi, > > I have a weird signature issue with an LMDE Mint repository. I know that this is not pure debian but nevertheless I think my question is best posted here. > > The issue is: I have 4 PC and 1 laptop at home. All running LMDE2. When I do "apt-get update" the PCs have no issue. But the laptop says: > > # last 2 lines of "apt-get update" output > W: http://linux-mint.froonix.org/dists/betsy/Release.gpg: Signature by key E1A38B8F144675D060EA666F3EE67F3D0FF405B2 uses weak digest algorithm (SHA1) > W: http://extra.linuxmint.com/dists/betsy/Release.gpg: Signature by key E1A38B8F144675D060EA666F3EE67F3D0FF405B2 uses weak digest algorithm (SHA1) > ## > > I reinstalled all keyring debs on the laptop. > > > > I am using the exact same sources on the laptop and the PCs (rsync of /etc/apt/sources.list*). During the last test I even rsync'ed all /etc/apt/trusted* to the laptop. > > I tried to fetch it via apt-key: > > ## > # apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E1A38B8F144675D060EA666F3EE67F3D0FF405B2 > Executing: /tmp/tmp.9xZlldxhO9/gpg.1.sh --keyserver > keyserver.ubuntu.com > --recv-keys > E1A38B8F144675D060EA666F3EE67F3D0FF405B2 > gpg: requesting key 0FF405B2 from hkp server keyserver.ubuntu.com > gpg: key 0FF405B2: "Clement Lefebvre (Linux Mint Package Repository v1) < r...@linuxmint.com>" not changed > gpg: Total number processed: 1 > gpg: unchanged: 1 > ## > > But the laptop keeps throwing these signature warnings - and only the laptop. Why is that? > > Thank you for your help. > Matthias > >
