Trisquel using weak key and digest algorithm

Progetto:Trisquel
Versione:7.0
Componente:Installer
Categoria:segnalazione di bug
Priorità:normal
Assigned:Non assegnata
Stato:active
Descrizione

I tried to verify the iso image of trisquel 7 (http://cdimage.trisquel.info/trisquel-images/trisquel_7.0_amd64.iso) and i noticed that is using a weak key (https://trisquel.info/files/trisquel-archive-signkey.gpg) and SHA1 digest algorithm.

pub dsa1024 2007-01-14 [SC]
E6C27099CA21965B734AEA31B4EFB9F38D8AEBF1
uid [ unknown] Trisquel GNU/Linux (Trisquel GNU/Linux signing key) <name at domain>
sub elg2048 2007-01-14 [E]

---

gpg> showpref
[ unknown] (1). Trisquel GNU/Linux (Trisquel GNU/Linux signing key) <name at domain>
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA1, SHA256, RIPEMD160
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, Keyserver no-modify