Ubuntu to Reject SHA-1-Signed Repos by Default in APT Starting January 1, 2017

Share
  • Post Updated: April 3, 2024

Today, November 24, 2016, Debian developer and Ubuntu member Julian Andres Klode announced that he plans on turning off SHA1 support for APT repositories starting January 1, 2017.

As you might know, or not, the long-awaited deprecation of the SHA-1 (Secure Hash Algorithm 1) encryption, which is used to verify digital content, CRLs (certificate revocation lists), and digital certificates, is set for the first day of January 2017 worldwide, which might affect your Internet browser.

But the SHA-1 encryption is also used to sign the APT (Advanced Package Tool) repositories of Debian-based operating systems, including the popular Ubuntu and Linux Mint, and it looks like these SHA-1-signed repos will be automatically rejected by APT in Ubuntu 16.04 LTS (Xenial Xerus) and Ubuntu 16.10 (Yakkety Yak).

“We already turned this off for fields inside the (meta) index files, this step now involves rejecting SHA1-based GPG signatures as well,” explains Julian Andres Klode in the… (read more)

Remember to like our facebook and our twitter @ubuntufree for a chance to win a free Ubuntu laptop by Dell or HP!

Top Trending Pages: Ubuntu Downloads | Ubuntu How To Guide | Download Ubuntu Software | Share Ubuntu Files With Windows