#1936 Debian trixie: DSA1024 signing key not considered secure
Reporter
tibequadorian
Owner
Nobody
Created
Updated
Stars
★ (1)
Tags
Priority-Medium
Type-Defect
Status-Started
Component-Builder
tibequadorian
on
I upgraded to Debian trixie and noticed that `apt update` results in errors for the prosody repository. This seems to be caused by an insecure signing key:
```
# apt update
...
Hit:8 http://packages.prosody.im/debian trixie InRelease
Err:8 http://packages.prosody.im/debian trixie InRelease
Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on 107D65A0A148C237FDF00AB47393D7E674D9DBB5 is not bound: Policy rejected asymmetric algorithm because: DSA1024 is not considered secure since 2014-02-01T00:00:00Z
Warning: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. OpenPGP signature verification failed: http://packages.prosody.im/debian trixie InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on 107D65A0A148C237FDF00AB47393D7E674D9DBB5 is not bound: Policy rejected asymmetric algorithm because: DSA1024 is not considered secure since 2014-02-01T00:00:00Z
Warning: Failed to fetch http://packages.prosody.im/debian/dists/trixie/InRelease Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on 107D65A0A148C237FDF00AB47393D7E674D9DBB5 is not bound: Policy rejected asymmetric algorithm because: DSA1024 is not considered secure since 2014-02-01T00:00:00Z
Warning: Some index files failed to download. They have been ignored, or old ones used instead.
```
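To find which repositories on a host are affected, the rejection lines in the output above can be parsed. This is an added example, not part of the original report or of Prosody's or apt's own tooling; the function and variable names are hypothetical, and the sample input is rebuilt from the lines quoted in the report, with the indentation of the message line assumed.

```python
import re
from dataclasses import dataclass

# "Err:N <url> <suite> InRelease" names the repository; apt prints the reason on the next line.
ERR_LINE = re.compile(r"Err:\d+ (?P<url>\S+) (?P<suite>\S+) InRelease$")
# sqv policy rejection text, in the format shown in the report above.
SQV_REJECT = re.compile(
    r"Signing key on (?P<fpr>[0-9A-F]{40}) is not bound: "
    r"Policy rejected asymmetric algorithm because: "
    r"(?P<algo>\S+) is not considered secure since (?P<since>\S+)"
)

@dataclass(frozen=True)
class Rejection:
    url: str
    suite: str
    fingerprint: str
    algorithm: str
    rejected_since: str

def weak_key_rejections(apt_output):
    """Return one Rejection per repository whose signing key was refused by policy."""
    findings, pending = [], None
    for line in apt_output.splitlines():
        err = ERR_LINE.match(line.strip())
        if err:
            pending = err          # remember the repo; the reason follows on the next line
            continue
        rej = SQV_REJECT.search(line)
        if rej and pending:
            found = Rejection(pending["url"], pending["suite"],
                              rej["fpr"], rej["algo"], rej["since"])
            if found not in findings:
                findings.append(found)
        pending = None             # trailing "Warning:" summaries repeat the reason; skip them
    return findings

# Sample input rebuilt from the report above (message-line indentation is assumed).
MSG = ("Sub-process /usr/bin/sqv returned an error code (1), error message is: "
       "Signing key on 107D65A0A148C237FDF00AB47393D7E674D9DBB5 is not bound: "
       "Policy rejected asymmetric algorithm because: "
       "DSA1024 is not considered secure since 2014-02-01T00:00:00Z")
SAMPLE = "\n".join([
    "Hit:8 http://packages.prosody.im/debian trixie InRelease",
    "Err:8 http://packages.prosody.im/debian trixie InRelease",
    "  " + MSG,
    "Warning: Failed to fetch http://packages.prosody.im/debian/dists/trixie/InRelease " + MSG,
])

if __name__ == "__main__":
    for r in weak_key_rejections(SAMPLE):
        print(f"{r.url} [{r.suite}]: key {r.fingerprint} uses {r.algorithm}")
```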
tibequadorian
on
I was able to work around this by creating a file `/etc/crypto-policies/back-ends/apt-sequoia.config` with:
```
[hash_algorithms]
sha1.second_preimage_resistance = "always"
[asymmetric_algorithms]
dsa1024 = "always"
```
Thanks for the report. We are aware of this and have planned to replace this key soon. https://packages.prosody.im/debian/pubkey-new.asc will be the new key, and https://packages.prosody.im/debian/package-key-rotation-2025-02-14.asc is a statement signed by the previous key.