[llvm-bugs] [Bug 179147] LLVM repository update on Debian testing (forky) now fails

Sun, 01 Feb 2026 14:42:18 -0800

Issue 179147
Summary LLVM repository update on Debian testing (forky) now fails
Labels new issue
Assignees
Reporter shemminger 
    Something broke today. Debian appears to have gotten pickier about keys

$ sudo apt update
Hit:1 http://debian.osuosl.org/debian testing InRelease
Hit:2 http://debian.osuosl.org/debian testing-updates InRelease 
Hit:3 http://security.debian.org/debian-security testing-security InRelease 
Hit:5 http://deb.debian.org/debian experimental InRelease 

Hit:4 https://apt.llvm.org/unstable llvm-toolchain-21 InRelease
Err:4 https://apt.llvm.org/unstable llvm-toolchain-21 InRelease
  Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on 6084F3CF814B57C1CF12EFD515CF4D18AF4F7421 is not bound:            No binding signature at time 2025-12-21T23:13:57Z   because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance   because: SHA1 is not considered secure since 2026-02-01T00:00:00Z
All packages are up to date.    
Warning: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. OpenPGP signature verification failed: http://linux.dropbox.com/debian sid InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on 1C61A2656FB57B7E4DE0F4C1FC918B335044912E is not bound:            No binding signature at time 2026-01-08T18:18:02Z   because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance   because: SHA1 is not considered secure since 2026-02-01T00:00:00Z
Warning: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. OpenPGP signature verification failed: https://apt.llvm.org/unstable llvm-toolchain-21 InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on 6084F3CF814B57C1CF12EFD515CF4D18AF4F7421 is not bound:            No binding signature at time 2025-12-21T23:13:57Z   because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance   because: SHA1 is not considered secure since 2026-02-01T00:00:00Z
Warning: Failed to fetch http://linux.dropbox.com/debian/dists/sid/InRelease  Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on 1C61A2656FB57B7E4DE0F4C1FC918B335044912E is not bound:            No binding signature at time 2026-01-08T18:18:02Z   because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance   because: SHA1 is not considered secure since 2026-02-01T00:00:00Z
Warning: Failed to fetch http://apt.llvm.org/unstable/dists/llvm-toolchain-21/InRelease  Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on 6084F3CF814B57C1CF12EFD515CF4D18AF4F7421 is not bound:            No binding signature at time 2025-12-21T23:13:57Z   because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance   because: SHA1 is not considered secure since 2026-02-01T00:00:00Z
Warning: Some index files failed to download. They have been ignored, or old ones used instead.


_______________________________________________
llvm-bugs mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs

Reply via email to