When adding our own apt repository to a new Ubuntu/Xenial machine, I got a "insufficiently signed (weak digest)" error.

# apt-get update
...
W: gpgv:/var/lib/apt/lists/partial/ppa.osso.nl_ubuntu_dists_xenial_InRelease:
The repository is insufficiently signed by key 4D1...0F5 (weak digest)

Confirmed it with gpgv.

# gpgv --keyring /etc/apt/trusted.gpg \
    /var/lib/apt/lists/ppa.osso.nl_ubuntu_dists_xenial_InRelease
gpgv: Signature made Wed 23 Mar 2016 10:14:48 AM UTC using RSA key ID B36530F5
gpgv: Good signature from "PPA-OSSO-NL <support+ppa@osso.nl>"

# gpgv --weak-digest sha1 --verbose --keyring /etc/apt/trusted.gpg \
    /var/lib/apt/lists/ppa.osso.nl_ubuntu_dists_xenial_InRelease
gpgv: armor header: Hash: SHA1
gpgv: armor header: Version: GnuPG v1.4.11 (GNU/Linux)
gpgv: original file name=''
gpgv: Signature made Wed 23 Mar 2016 10:14:48 AM UTC using RSA key ID B36530F5
gpgv: Note: signatures using the SHA1 algorithm are rejected
gpgv: Can't check signature: unknown digest algorithm

Indeed, SHA1.

We'll need to enforce a newer digest on the reprepro repository server:

reprepro# cat >> ~/.gnupg/gpg.conf << EOF
# Prefer better digests for signing.
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
EOF

Regenerate the release files with updated signatures:

reprepro# reprepro export
...

Go back to the user host, and check for success:

# apt-get update
...
(no errors)

# gpgv --verbose --keyring /etc/apt/trusted.gpg \
    /var/lib/apt/lists/ppa.osso.nl_ubuntu_dists_xenial_InRelease
gpgv: armor header: Hash: SHA512
gpgv: armor header: Version: GnuPG v1.4.11 (GNU/Linux)
gpgv: original file name=''
gpgv: Signature made Wed 23 Mar 2016 10:30:04 AM UTC using RSA key ID B36530F5
gpgv: Good signature from "PPA-OSSO-NL <support+ppa@osso.nl>"
gpgv: textmode signature, digest algorithm SHA512

Excellent. SHA512 this time, and no complaints from apt.

Update 2016-06-12

Fixed typo after feedback from Simon Leinen at SWITCH. He also remarked the following:

Some people have a gnupghome +b/gpg (basedir + "/gpg") setting in their ~reprepro/conf/options. If that's the case, the personal-digest-preferences line should go into ~reprepro/conf/gpg.conf instead of ~/.gnupg/gpg.conf.

signing reprepro apt gnupg