Recently debian updated the apt* tools to warn about repositories using SHA1. You should update your gpg settings to use a newer hash function (see e.g. https://askubuntu.com/questions/750133/how-can-i-fix-w-the-repository-is-insufficiently-signed-by-the-key, and https://wiki.debian.org/Teams/Apt/Sha1Removal) so that the zabbix installation will work with future debian stable systems.

Steps to reproduce

on a debian testing/unstable system, have an entry like the following in /etc/apt/sources.list:

deb http://repo.zabbix.com/zabbix/3.0/debian jessie main
deb-src http://repo.zabbix.com/zabbix/3.0/debian jessie main

run 'apt-get update'

Expected behaviour

apt-get should download the files from the repository without complaining

Actual behaviour

apt-get gives a warning:

W: http://repo.zabbix.com/zabbix/3.0/debian/dists/jessie/InRelease: Signature by key FBABD5FB20255ECAB22EE194D13D58E479EA5ED4 uses weak digest algorithm (SHA1)