This page keeps track of repositories broken or half-broken by the SHA1 removal. Please note that we intend to shut of SHA1 completely on January 1, 2017.
Feel free to add other affected repos here.
Broken repositories
These issue warnings about insufficiently signed repositories (1.2.7) or weak signatures (1.2.8).
The cause of this is a missing SHA256 or SHA512 entry in the Release and/or Packages files.
- Google repositories
- Chrome (until Mar 18)
- Music Manager
- Talk Plugin
Half-broken repositories
The issue errors like "No hash entry found ... which is strong enough for security purposes" and cause a failure.
The cause of these is a Release file signed using a non-SHA2 hash.
- Insync.
- Google Chrome (since Mar 18, broken before)
- Opera (contacted over twitter)
- Spotify (contacted via key UID)
- Steam
- Vivaldi