Skip to content

APT repo signed with SHA1 which is insecure #155

New issue
New issue
Open
Open
APT repo signed with SHA1 which is insecure#155
@cthart

Description

@cthart
cthart
opened on Aug 9, 2025

apt update with the currently configured APT repo on Debian 13 yields:

Warning: http://linux.dropbox.com/debian/dists/trixie/Release.gpg: Policy will reject signature within a year, see --audit for details

This is because:

Audit: http://linux.dropbox.com/debian/dists/trixie/Release.gpg: Sub-process /usr/bin/sqv returned an error code (1), error message is:
Signing key on 1C61A2656FB57B7E4DE0F4C1FC918B335044912E is not bound:
No binding signature at time 2025-05-30T19:08:45Z
because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance
because: SHA1 is not considered secure since 2026-02-01T00:00:00Z

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions