Bug Description

Since xenial updated the requirements for the strength of PGP signatures of packages, packages from some repositories are no longer updated. Apt-get update reports these errors:

E: Failed to fetch http://[...]/Release No Hash entry in Release file /var/lib/apt/lists/partial/[...] which is considered strong enough for security purposes

E: Some index files failed to download. They have been ignored, or old ones used instead.

While the motivation for the change is valid, the result is a potential security problem, as the new versions of the packages that may fix recently discovered vulnerabilities are not automatically installed.

One less important but unfortunate effect is a scary message that is displayed to the user, without clear explanation that the problem needs to be addressed by the repository owner.

Related: Bug #1558331
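
For a repository owner checking their own archive, the following added example (not part of the original report and not apt's own code) parses a Release file and reports whether it carries a checksum section apt would accept. It assumes, beyond what the report states, that apt in xenial treats MD5Sum and SHA1 sections as too weak and accepts SHA256 or SHA512; the sample Release texts and all names are constructed.

```python
# Added example: which checksum sections does a Release file carry?
# Assumption (not stated in the report): SHA256/SHA512 are accepted,
# MD5Sum/SHA1 are rejected as too weak.
STRONG = {"SHA256", "SHA512"}
WEAK = {"MD5Sum", "SHA1"}

def hash_sections(release_text):
    """Return {section_name: entry_count} for each checksum section."""
    sections, current = {}, None
    for line in release_text.splitlines():
        if line.startswith("-----BEGIN PGP SIGNATURE"):
            break  # InRelease file: stop at the signature block
        if line[:1] in (" ", "\t"):
            # Continuation line: "<digest> <size> <path>"
            if current and len(line.split()) == 3:
                sections[current] += 1
            continue
        field = line.split(":", 1)[0]
        if ":" in line and field in (STRONG | WEAK):
            current = field
            sections[current] = 0
        else:
            current = None
    return sections

def strong_enough(release_text):
    """True if at least one strong checksum section lists an index file."""
    found = hash_sections(release_text)
    return any(found.get(name, 0) > 0 for name in STRONG)

# Constructed sample: a repository publishing only weak checksums.
WEAK_ONLY = (
    "Origin: Example\n"
    "Suite: stable\n"
    "MD5Sum:\n"
    " " + "0" * 32 + " 1234 main/binary-amd64/Packages\n"
    "SHA1:\n"
    " " + "0" * 40 + " 1234 main/binary-amd64/Packages\n"
)
# Constructed sample: the same repository after adding a SHA256 section.
FIXED = WEAK_ONLY + "SHA256:\n " + "0" * 64 + " 1234 main/binary-amd64/Packages\n"

if __name__ == "__main__":
    for name, text in (("weak-only", WEAK_ONLY), ("fixed", FIXED)):
        print(name, hash_sections(text), "ok" if strong_enough(text) else "REJECTED")
```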