Hi folks, trying Trixie "apt update" shows a warning about my local repo (managed by reprepro on Bookworm) I don't know how to handle:
Warning: http://debian.example.com/debian/dists/trixie-backports/InRelease: Policy will reject signature within a year, see --audit for details Audit: http://debian.example.com/debian/dists/trixie-backports/InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx is not bound: No binding signature at time 2025-06-02T09:32:30Z because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance because: SHA1 is not considered secure since 2026-02-01T00:00:00Z I know that SHA1 is not secure, but what is this resistance error message trying to tell me? InRelease is signed by a RSA4096 key. Digest is SHA512. I also have a revocation key for the signing key. ??? Every helpful comment is highly appreciated Harri
