Package: apt
Version: 2.9.20

I am using Kubernetes' package repository to install kubeadm, kubectl
and others, see https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/.
For Bookworm this works very well, but for Sid apt update complains about
the remote repository

# apt update
:
Warning: GPG error: https://prod-cdn.packages.k8s.io/repositories/isv:/kubernetes:/core:/stable:/v1.32/deb  InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is: Error: Policy rejected packet type  Caused by:     Signature Packet v3 is not considered secure since 2021-02-01T00:00:00Z
Error: The repository 'https://pkgs.k8s.io/core:/stable:/v1.32/deb  InRelease' is not signed.
Notice: Updating from such a repository can't be done securely, and is therefore disabled by default.
Notice: See apt-secure(8) manpage for repository creation and user configuration details.
# echo $?
100

file tells me the public key is version 4:

# file /etc/apt/keyrings/kubernetes-apt-keyring.gpg
/etc/apt/keyrings/kubernetes-apt-keyring.gpg: OpenPGP Public Key Version 4, Created Thu Aug 25 16:21:11 2022, RSA (Encrypt or Sign, 2048 bits); User ID; Signature; OpenPGP Certificate

so apt should not complain about a version 3 signature without providing
more details.

I understand that this problem was mitigated in version 2.9.21, but this
seems to be some bad code that might pop up in 2026 when v3 signatures are
disabled again.


Anyway, best season greetings

Harri
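
Added example, not part of the original report and not code from apt or sqv: the sqv message quoted above refers to the version octet of the signature packet in InRelease, which is a separate field from the version of the public-key packet that file(1) reports for the keyring. The Python below reads both fields from OpenPGP packet headers; the function names and the sample bytes are constructed for illustration.

```python
import base64

TAGS = {2: "signature", 6: "public-key", 14: "public-subkey"}

def dearmor_signature(text):
    """Return the binary packets of the armored signature in a clearsigned file."""
    lines = text.splitlines()
    start = lines.index("-----BEGIN PGP SIGNATURE-----")
    end = lines.index("-----END PGP SIGNATURE-----")
    body = lines[start + 1:end]
    body = body[body.index("") + 1:]          # armor headers end at the blank line
    # A line starting with '=' is the armor CRC-24, not payload.
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))

def packets(data):
    """Yield (tag, body) per packet; handles old- and new-format headers."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                        # new format: tag in low 6 bits
            tag, o, i = hdr & 0x3F, data[i], i + 1
            if o < 192:
                n = o
            elif o < 224:
                n, i = ((o - 192) << 8) + data[i] + 192, i + 1
            elif o == 255:
                n, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths not handled")
        else:                                 # old format: tag in bits 5..2
            tag, lt = (hdr >> 2) & 0x0F, hdr & 3
            w = 0 if lt == 3 else 1 << lt     # lt 3 = body runs to end of data
            n = int.from_bytes(data[i:i + w], "big") if w else len(data) - i
            i += w
        yield tag, data[i:i + n]
        i += n

def versions(data):
    """List (packet kind, version octet) for signature and key packets."""
    return [(TAGS[t], b[0]) for t, b in packets(data) if t in TAGS and b]

# Constructed sample data (dummy values, not a real key or signature).
SIG_V3 = b"\x88\x16" + bytes([3, 5, 1]) + bytes(12) + bytes([1, 8, 0, 0, 0, 8, 255])
KEY_V4 = b"\xc6\x0c" + bytes([4, 0, 0, 0, 0, 1, 0, 8, 255, 0, 8, 3])
INRELEASE = ("-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nOrigin: example\n"
             "-----BEGIN PGP SIGNATURE-----\n\n" + base64.b64encode(SIG_V3).decode()
             + "\n-----END PGP SIGNATURE-----\n")
```

On the constructed samples, `versions(dearmor_signature(INRELEASE))` reports a version 3 signature packet while `versions(KEY_V4)` reports a version 4 public-key packet; a binary keyring file can be passed to `versions()` directly as bytes.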
