I've done a little research and installed bareos on an LXC on a Proxmox host. And as Andreas Rogge described in the github comment I could not reproduce the error an that fresh install. You can read the details in my Github comment.
Long story short: If your key is too old (mine was from July 2023) you will have to download the key again from the bareos website and after that the apt warning will be gone. Greetings, Jens [email protected] schrieb am Mittwoch, 15. Oktober 2025 um 18:51:15 UTC+2: > Thank you for the Github link. I left a comment and I hope that someone > will take care of it. > > I'm not quite sure what you mean by "how your system was provisioned". > The system is a bare metal server. On this computer and with Debian 12 I > did not see this error but after upgrading to Debian 13. > I installed the community edition of Bareos in the first place with the > help of the script add_bareos_repositories.sh as described in the > documentation. > Is that what you meant or do you need other information? > > Greetings, Jens > Bruno Friedmann (bruno-at-bareos) schrieb am Mittwoch, 15. Oktober 2025 um > 16:57:56 UTC+2: > >> Hi Jens, >> >> We got that issue reported once, but we never got a reproducible path for >> it. >> https://github.com/bareos/bareos/issues/2353 >> >> Could you develop a bit more how your system was provisioned to get that >> error. >> Regards. >> >> If you have interesting details, you can reopen the issue and add them >> there. >> >> On Wednesday, 15 October 2025 at 13:00:23 UTC+2 [email protected] >> wrote: >> >>> Hello guys, >>> >>> after upgrading a server to Debian 13 I get this warning when I do an >>> 'apt update'. >>> >>> root@gandalf# LC_ALL=C apt update --audit >>> Hit:1 https://download.bareos.org/current/Debian_13 InRelease >>> <snip> >>> All packages are up to date. >>> Warning: https://download.bareos.org/current/Debian_13/InRelease: >>> Policy will reject signature within a year, see --audit for details >>> Audit: https://download.bareos.org/current/Debian_13/InRelease: >>> Sub-process /usr/bin/sqv returned an error code (1), error message is: >>> Signing key on 82834CF002D89BA55C1ED0AA42DA24A6DFEF9127 is not bound: >>> No binding signature at time 2025-10-09T09:15:50Z >>> because: Policy rejected non-revocation signature >>> (PositiveCertification) requiring second pre-image resistance >>> because: SHA1 is not considered secure since 2026-02-01T00:00:00Z >>> >>> I've just looked up if I have the most recent key and at least I haven't >>> found a newer one on the website. >>> >>> Right now this is not an issue but as far as I understand the message it >>> will be a problem from 2026-02-01. Are there any plans to create are more >>> secure key (sorry if I mix up keys, signatures etc. because I'm not too >>> familiar with these things). >>> >>> Greetings, Jens >>> >> -- You received this message because you are subscribed to the Google Groups "bareos-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/bareos-users/5fab5cd1-937b-4988-842f-268159b9c545n%40googlegroups.com.
