Debian developer and Ubuntu member Julian Andres Klode announced that he plans on turning off SHA1 support for APT repositories starting January 1, 2017.
The long-awaited deprecation of the SHA-1 (Secure Hash Algorithm 1) encryption, which is used to verify digital content, CRLs (certificate revocation lists), and digital certificates, is set for the first day of January 2017 worldwide, which might affect your Internet browser.
But the SHA-1 encryption is also used to sign the APT (Advanced Package Tool) repositories of Debian-based operating systems, including the popular Ubuntu and Linux Mint, and it looks like these SHA-1-signed repos will be automatically rejected by APT in Ubuntu 16.04 LTS (Xenial Xerus) and Ubuntu 16.10 (Yakkety Yak).
Before any of that gets started, though, there’s a lot of work to be done, and the Ubuntu developers will start by landing the first Beta development release of the upcoming APT 1.4 milestone in the Ubuntu 17.04 (Zesty Zapus) repositories, rejecting SHA-1-signed repos by default or at least implementing some sort of a warning.
Submitted by: Arnfried Walbrecht