Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-23397

SHA1 warning for Debian Release file signature

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.3.11
    • Component/s: Packaging
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL
    • Steps To Reproduce:
      Hide

      Follow instructions on https://docs.mongodb.org/master/tutorial/install-mongodb-on-debian/ Step 3, running apt-get update, produces the warning.

      Show
      Follow instructions on https://docs.mongodb.org/master/tutorial/install-mongodb-on-debian/ Step 3, running apt-get update , produces the warning.
    • Sprint:
      Build 2016-08-26

      Description

      The use of SHA1 for Debian repository Release files is deprecated with plans for removal and began causing the following warning in APT 1.2.7:

      W: gpgv:/var/lib/apt/lists/repo.mongodb.org_apt_debian_dists_wheezy_mongodb-org_3.0_Release.gpg: The repository is insufficiently signed by key 492EAFE8CD016A07919F1D2B9ECBEC467F0CEB10 (weak digest)

      Although the issue only affects upcoming Debian and Ubuntu releases that are not officially supported, it would be great for users and developers on these systems if you would consider updating your repository to include stronger hashes.

      Thanks,
      Kevin

        Attachments

          Activity

            People

            • Votes:
              2 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: