Skip to content
This repository was archived by the owner on Nov 21, 2025. It is now read-only.
This repository was archived by the owner on Nov 21, 2025. It is now read-only.

Debian package gpg signature packet v3 is not considered secure #48

Open
Open
Debian package gpg signature packet v3 is not considered secure#48
@jman-schief

Description

@jman-schief
jman-schief
opened on Oct 9, 2025

Running on Debian/testing (frosty).

IIUC the warning I see, the gpg key needs to be updated.

$ sudo apt update --audit
...
Ign:3 https://proget.makedeb.org makedeb InRelease                                    
Get:4 https://proget.makedeb.org makedeb Release [7,608 B]
...
Warning: https://proget.makedeb.org/dists/makedeb/Release.gpg: Policy will reject signature within a year, see --audit for details
Audit: https://proget.makedeb.org/dists/makedeb/Release.gpg: Sub-process /usr/bin/sqv returned an error code (1), error message is:
   Error: Policy rejected packet type
   Caused by:
       Signature Packet v3 is not considered secure since 2026-02-01T00:00:00Z

(error log shows /usr/bin/sqv because I'm using Sequoia PGP Chameleon but I think it's not relevant to the issue)

Thanks

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions