
debian gives: ..Release: The following signatures were invalid.. #2

Open
ghost opened this issue Oct 6, 2017 · 1 comment

ghost commented Oct 6, 2017

I followed these steps:

  • Created /etc/apt/sources.list.d/gc2latex.list containing:
        deb tor+http://wertarbyte.de/apt/ ./
  • apt-key adv --recv-key 0x5145B9CD752C0197
  • aptitude update

The update gives:

    W: GPG error: tor+http://wertarbyte.de/apt ./ Release: The following signatures were invalid: CC49F74C816C499C899A42885145B9CD752C0197
    E: The repository 'tor+http://wertarbyte.de/apt ./ Release' is not signed.
    E: Failed to download some files

ghost commented Oct 10, 2017

The problem is that the signature uses the old (and no longer approved) SHA1 algorithm:

    $ pgpdump <(curl -s http://wertarbyte.de/apt/Release.gpg)
    Old: Signature Packet(tag 2)(63 bytes)
            Ver 3 - old
            Hash material(5 bytes):
                    Sig type - Signature of a binary document(0x00).
                    Creation time - Wed May 25 23:15:52 CEST 2011
            Key ID - 0x5145B9CD752C0197
            Pub alg - DSA Digital Signature Algorithm(pub 17)
            Hash alg - SHA1(hash 2)
            Hash left 2 bytes - 0e 04 
            DSA r(160 bits) - ...
            DSA s(157 bits) - ...
                    -> hash(DSA q bits)

We need an updated sig from @wertarbyte.
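
Added example (not part of the issue thread or the project's code): a minimal Python reader for the signature-packet fields that pgpdump prints above, flagging the digest algorithm so a repository maintainer can check a detached signature before publishing it. It expects the binary (dearmored) packet; the function name, the weak-digest set and the sample bytes are assumptions constructed for illustration.

```python
import struct

# OpenPGP hash algorithm IDs from RFC 4880 section 9.4.
HASH_ALGS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
             9: "SHA384", 10: "SHA512", 11: "SHA224"}
WEAK_HASHES = {"MD5", "SHA1", "RIPEMD160"}  # assumption: digests to flag

def parse_signature(data: bytes) -> dict:
    """Read version, key ID and hash algorithm from one binary signature packet."""
    if len(data) < 3 or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    if data[0] & 0x40:                       # new-format header
        tag, first = data[0] & 0x3F, data[1]
        if first < 192:
            length, off = first, 2
        elif first < 224:
            length, off = ((first - 192) << 8) + data[2] + 192, 3
        else:
            raise ValueError("unsupported length encoding")
    else:                                    # old-format header
        tag, ltype = (data[0] >> 2) & 0x0F, data[0] & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        n = 1 << ltype
        length, off = int.from_bytes(data[1:1 + n], "big"), 1 + n
    body = data[off:off + length]
    if tag != 2 or len(body) != length or length < 4:
        raise ValueError("not a complete signature packet")
    version = body[0]
    if version == 3 and length >= 19 and body[1] == 5:
        created, key_id = struct.unpack(">I8s", body[3:15])
        pub_alg, hash_alg = body[15], body[16]
    elif version == 4:                       # key ID sits in subpackets; not read here
        pub_alg, hash_alg, created, key_id = body[2], body[3], None, None
    else:
        raise ValueError(f"unsupported signature version {version}")
    name = HASH_ALGS.get(hash_alg, f"unknown({hash_alg})")
    return {"version": version, "created": created, "pub_alg": pub_alg,
            "key_id": key_id.hex().upper() if key_id else None,
            "hash": name, "weak": name in WEAK_HASHES}

# Constructed sample shaped like the pgpdump output above: old-format tag 2,
# 63-byte body, v3, DSA (17), SHA1 (2). The r/s MPIs are placeholder bytes.
SAMPLE = (bytes([0x88, 63, 3, 5, 0x00]) + struct.pack(">I", 1306358152)
          + bytes.fromhex("5145B9CD752C0197") + bytes([17, 2, 0x0E, 0x04])
          + struct.pack(">H", 160) + b"\x80" + b"\x00" * 19
          + struct.pack(">H", 157) + b"\x10" + b"\x00" * 19)
```

`parse_signature(SAMPLE)` reports `hash: "SHA1"` with `weak: True`; a signature regenerated with a SHA-2 digest would report `weak: False`.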
