Update fails on apps signed with MD5
java-1.8.0-openjdk-184.108.40.206 now has MD5 disabled (at least on my system). This caused
fdroidserver to fail when updating a repository that includes an old APK that is still signed with MD5.
$ jarsigner -verify -verbose old.apk ... - Signed by "CN=FDroid, OU=FDroid, O=fdroid.org, L=ORG, ST=ORG, C=UK" Digest algorithm: SHA1 Signature algorithm: MD5withRSA (weak), 2048-bit key WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property: jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
How should we handle these APKs? Ignore them? Delete them? Still include them?
Failing the entire update process is probably not the right way to handle it.