Playonlinux, weak digest algorithm

Hi,
I do have this warning from apt (apt update) and in this case it concerns Playonlinux :

Signature by key 74F7358425EEB6176094C884E0F72778C4676186 uses weak digest algorithm (SHA1)

http://deb.playonlinux.com/dists/trusty/InRelease

removing reinstalling playonlinux from boutique or apt does the same.

Did you noticed ?

Some issues from Google : https://www.google.fr/search?client=ubuntu&channel=fs&q=Signature+by+key+uses+weak+digest+algorithm+(SHA1)&ie=utf-8&oe=utf-8&gfe_rd=cr&ei=tBT-WIiZEM7DaPr-peAM

What i understood : This is a normal APT behaviour, until you can update packages. That seems to belongs to maintainers. Am i right ?
Thanks

Almost, @Tristan_VILLERS. That’s up to repository maintainers to fix, not package maintainers. I have the same (and unfortunate constant issue) with StoneSoup developers’ repo. Debian dropped SHA1 in favour of SHA256 early last year and some repos are taking their sweet time to follow suit.

Debian maintains (used to maintain?) a list of repos that haven’t done the transition yet, but I can’t find it now. Nonetheless they get contacted periodically by Debian to do so.

This is the page that tracks apt repos that need updating:

• https://wiki.debian.org/Teams/Apt/Sha1Removal

@lah7 Looks like Play on Linux needs dropping.

Thanks to you both for passing by. So then, what to do ?
Wait and see ?

You could contact Play on Linux, explain their repo is broken and give them the link I shared.

Ok Wimpy, if this can help community - i’ll try … when i will have some more times.
Thanks

Just an update to this – I noticed their key had expired/changed some weeks ago, and since using their new key, this error doesn’t appear anymore (it’s the same remote URL, so Boutique didn’t need updating).

Considering this one fixed.

(An easy way is to just re-install it from the Boutique, this’ll import the new key)

Thanks a lot lah7 ! i’ll try and let you know about !!!