Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
[solved] ubuntuzilla weak encryption is there---disable it?
[solved] ubuntuzilla weak encryption is there---disable it?
ubuntuzilla weak encryption is there a way to disable the notification for the ppas that I trust? (Yes, I know some Debian people don't trust PPA but some do. You can get a lot of good software in PPAs) Note, I am not asking about a Debian system. I am asking about the Ubuntu systems.
Last edited by groze on 2016-09-29 00:58, edited 1 time in total.
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: ubuntuzilla weak encryption is there a way to disable it
I was asking about the Ubuntu flavor not Debian. Debian team is the cause of Signature by key xxxxxxxxxxxxx uses weak digest algorithm (SHA1) for Ubuntu flavors that why I am asking here. Actually, I know there is way to disable that notice. What I am asking is there a way to disable the notice per PPA this way you could still use PPAs that uses sha1 that you have trusted in the past. Once, the Debian team stops the SHA1 totally on Jan 1, 2017 a lot of Linux forms will be asking similar questions. In fact ubuntuzilla ppa claims they have upgrade their PPA to sha2 but it still shows it uses sha1 week encryption. So, there is a least one bug.
Re: ubuntuzilla weak encryption is there a way to disable it
Then it would seem that you're asking in the wrong place.groze wrote:Note, I am not asking about a Debian system. I am asking about the Ubuntu systems.
http://ubuntuforums.org/
- GarryRicketson
- Posts: 5644
- Joined: 2015-01-20 22:16
- Location: Durango, Mexico
Re: ubuntuzilla weak encryption is there a way to disable it
I don't see how one can blame the Debian team, for the problemsDebian team is the cause of Signature by key xxxxxxxxxxxxx uses weak digest algorithm (SHA1) for Ubuntu flavors that why I am asking here.
that ubuntu has, but then I suppose one can blame any body they
want to, but that does not solve anything.
Rather then blaming every body else, maybe the "Ubuntu team", should
try solving their problem, I am sure they have forums and mailing
lists to discuss these sort of things.
It looks like Dasein all ready posted a link, so no need to do that
again.
Another thing, though , here it is mostly "Debian Users", we don't
have anything to do with the development, and that sort of thing,
if there is some kind of issue, or bug that needs to be worked on
they do have some mailing lists that are used by the developers
to discuss these kind of things.
https://lists.debian.org/
=================
https://lists.debian.org/devel.html
I would report that to the "ubuntuzilla ppa" maintainers, there is nothing we can do about that here.In fact ubuntuzilla ppa claims they have upgrade their PPA to sha2 but it still shows it uses sha1 week encryption. So, there is a least one bug.
====================================
As for this:
HOWTO contact forum moderators/admins
Note to mod, I was trying to change my email but it won't let me, it thinks I am a spammer or thinks comcast is. I was just able to get my email back. I forgot about the Debian account I had. I can setup another email with comcast if that would work, instead of using outlook dot com emails. Thank you for looking into this.
In fact, it might be to your advantage to read this as well:
Forum guidelines. Please read before first post!
- stevepusser
- Posts: 12930
- Joined: 2009-10-06 05:53
- Has thanked: 41 times
- Been thanked: 71 times
Re: ubuntuzilla weak encryption is there a way to disable it
Though that particular Ubuntuzilla PPA is safe for Debian users, since it just packages the Mozilla static binaries into deb packages (somehting I could reproduce in a few minutes in yet another openSUSE Build Service repository, by the way), I would think that it could lead beginners to accept PPAs as a matter of course.
Anyway, you can get compiled dynamic binary Firefox backports from mozilla.debian.net, so I don't know why you would use a PPA to get the browser, anyway.
Anyway, you can get compiled dynamic binary Firefox backports from mozilla.debian.net, so I don't know why you would use a PPA to get the browser, anyway.
MX Linux packager and developer
Re: ubuntuzilla weak encryption is there a way to disable it
I don't think some of you understand what I am talking about. I thought the Debian community was the place to go for this question. Here is what I am talking about https://wiki.debian.org/Teams/Apt/Sha1Removal because it also effect Debian based distros like Ubuntu, Lubuntu, Kubuntu and so one. Debian or any derivative really shouldn't have any control what PPAs do. The whole point of Linux is to use open source as much as possible? That should be up to the PPA administrators not Debian or any distro in my opinion.
The bugs already been reported again to ubuntuzilla just recently. I am not saying use PPA on Debian even though there is a way to do. I had read some disagreements on PPA use.
I guess you are saying I should contact Teams/Apt/ on how to disable the notice or allow sha1 ppas starting in January 2016 for Ubuntu,
The bugs already been reported again to ubuntuzilla just recently. I am not saying use PPA on Debian even though there is a way to do. I had read some disagreements on PPA use.
I guess you are saying I should contact Teams/Apt/ on how to disable the notice or allow sha1 ppas starting in January 2016 for Ubuntu,
- stevepusser
- Posts: 12930
- Joined: 2009-10-06 05:53
- Has thanked: 41 times
- Been thanked: 71 times
Re: ubuntuzilla weak encryption is there a way to disable it
Debian has absolutely nothing to do with the management of Launchpad or its PPAs, other than the source code for packages that get used. Nothing to do with the encryption of the repositories.
MX Linux packager and developer
Re: ubuntuzilla weak encryption is there a way to disable it
So you are saying Debian is not in charge of the Apt team. The apt team answers to no distro but wiki Debian allows them to put info on their website. https://wiki.debian.org/Teams/Apt/Sha1Removalstevepusser wrote:Debian has absolutely nothing to do with the management of Launchpad or its PPAs, other than the source code for packages that get used. Nothing to do with the encryption of the repositories.
Anyway the issues is mute, I found a solution and still hope it will work on or after the January 1st.
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: ubuntuzilla weak encryption is there a way to disable it
Please share your solution with the community.groze wrote:I found a solution
deadbang
Re: ubuntuzilla weak encryption is there a way to disable it
Head_on_a_Stick wrote:Please share your solution with the community.groze wrote:I found a solution
Since you asked.
As I said I don't know if it will work after the 1st. It was a real simple fix. It still shows the warning message, now if ubuntuzilla PPA is not fixed by Jan 1, 2017 we will find out if this works.
This would be locate in sources.list file
Code: Select all
deb [trusted=yes] http://downloads.sourceforge.net/project/ubuntuzilla/mozilla/apt all main
- stevepusser
- Posts: 12930
- Joined: 2009-10-06 05:53
- Has thanked: 41 times
- Been thanked: 71 times
Re: ubuntuzilla weak encryption is there a way to disable it
Isn't that just a rather old script that goes and gets the Mozilla package and bundles it? It's also not a Launchpad PPA, so how you can link it to apt or Debian is beyond me, being that it's just a script on SF. Real PPA repos are compliant with the new encryption standard.
Please mark this as SOLVED so no one else wastes their time with this.
Please mark this as SOLVED so no one else wastes their time with this.
MX Linux packager and developer
Re: ubuntuzilla weak encryption is there a way to disable it
You have over 7124 post and you waste you time with that response that doesn't even make any sense to me. I really hate to say this. You might want to read up on how apt & sources.list files work for Debian & other distros. For your info, I have used an Arch based distro (Not arch itself) , & OpenSuse distro and other distros as well. My understanding is apt won't work without a sources.list file.stevepusser wrote:Isn't that just a rather old script that goes and gets the Mozilla package and bundles it? It's also not a Launchpad PPA, so how you can link it to apt or Debian is beyond me, being that it's just a script on SF. Real PPA repos are compliant with the new encryption standard.
- stevepusser
- Posts: 12930
- Joined: 2009-10-06 05:53
- Has thanked: 41 times
- Been thanked: 71 times
Re: ubuntuzilla weak encryption is there a way to disable it
Then please explain how this Sourceforge address that you provided is a Launchpad PPA:
We all know how wonderful Sourceforge is for Windows packages...
Yes, I have many posts, but I usually try and do a bit of research online before shooting my mouth off, bud. And why use a PPA when you can get a Debian-built Firefox from mozilla.debian.net, anyway?
Code: Select all
http://downloads.sourceforge.net/project/ubuntuzilla/mozilla/apt all main
(suppresses laughter) I don't understand many technical subjects either, but I don't argue with those that do.you waste you time with that response that doesn't even make any sense to me.
Yes, I have many posts, but I usually try and do a bit of research online before shooting my mouth off, bud. And why use a PPA when you can get a Debian-built Firefox from mozilla.debian.net, anyway?
MX Linux packager and developer
Re: ubuntuzilla weak encryption is there a way to disable it
stevepusser wrote:Then please explain how this Sourceforge address that you provided is a Launchpad PPA:We all know how wonderful Sourceforge is for Windows packages...Code: Select all
http://downloads.sourceforge.net/project/ubuntuzilla/mozilla/apt all main
Yes, I have many posts, but I usually try and do a bit of research online before shooting my mouth off, bud. And why use a PPA when you can get a Debian-built Firefox from mozilla.debian.net, anyway?
You might want to check out sourceforge it has a lot of Linux stuff. I won't post that here, because that might be considered advertising.
Debian & Ubuntu developers are now working together. Some developers even work on both systems. Yes, I have done my research. They didn't use to get along but decided it would be beneficial for both to work together. Read this on the web.
When you do a sudo apt-get update on Xubuntu or any Ubuntu flavor 16.04 LTS or above, You get this message:
This will also effect Debian Stretch as well. When you use a PPA or another 3rd party repository. I know Debian frowns on PPAs but remember Ubuntu is based off of Debian. (That the best way I could describe it). Some people even think Linux Mint-all desktops are frankendebians I let others debate that. Apt was developed by Debian from what I read.W: http://downloads.sourceforge.net/projec ... /InRelease: Signature by key xxxxxxxxxxxxx uses weak digest algorithm (SHA1)
If you recall, I said this in my first post.
I hope this explains it better. I did add some extra stuff.I am not asking about a Debian system. I am asking about the Ubuntu system