Weak hash for debian package


I'm using debian unstable.

apt in debian complains about:
W: http://deb.obspy.org/dists/jessie/InRelease: Signature by key
AB88DF222C40D448E99F0F07054D40E834811F05 uses weak digest algorithm (SHA1)

I just installed the latest apt (1.4~beta1) from unstable and now apt
fails to update from obspy

W: An error occurred during the signature verification. The repository
is not updated and the previous index files will be used. GPG error:
http://deb.obspy.org jessie InRelease: The following signatures were
invalid: AB88DF222C40D448E99F0F07054D40E834811F05
W: Failed to fetch http://deb.obspy.org/dists/jessie/InRelease The
following signatures were invalid: AB88DF222C40D448E99F0F07054D40E834811F05


Hi Peje,

please double-check what distribution you're using, codename jessie
(Debian 8) is current Debian *stable* (not "unstable"). You can check with..

$ lsb_release -ca


$ cat /etc/*-release

Now, if you are on Debian stable ("jessie") you should not update single
packages to unstable versions beyond "jessie-backports" unless there is
a striking reason to do so (and you know exactly what you are doing).
Package version of apt in Debian stable is
On the other hand, if you indeed are on "unstable".. sorry, no official
Debian packages for the highly volatile Debian unstable, you will have
to install manually (or build your own packages, which is a one-liner,

Installation of obspy packages through our apt repository on
jessie/stable works for me without problems. The key might get changed
to a stronger hash algorithm in the future.