1. Home
  2. Categories
  3. Support
  4. Signature Packet v3 is not considered secure

Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

Signature Packet v3 is not considered secure

  • F

    Hey team,

    hope you are well!

    With Debian 13 Trixie, I do get this error with our proget repo:

    Warnung: https://proget.<reponame>/debian/<feedname>/dists/trixie/InRelease: Policy will reject signature within a year, see --audit for details
    Audit: https://proget.zollsoft.de/debian/deb-proxmox/dists/bookworm/InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is:
    Error: Policy rejected packet type
    Caused by:
    Signature Packet v3 is not considered secure since 2026-02-01T00:00:00Z

    I've read some git and reddit threads about the issue, but marking the repo as trusted and allow_insecure doesn't solve the issue for me really. At https://tracker.debian.org/pkg/apt I might have missed information about it. So checking in with you guys, if you are aware of this.

    Many thanks,
    Frank

    0 atripp 1 Reply
  • atripp
    inedo-engineer

    Hi @frei_zs ,

    We are currently working on PG-3110 to add support for "v4 signatures" and intend to release that soon (along with better support for public repositories) in an upcoming maintenance release.

    Unfortunately it's not trivial, as the underlying cryptography library (Bouncy Casstle) does not support it, so we have to reimplement signing -- and the good news is that it seems to work so far, and is much faster.

    Thanks,
    Alana

    0
Log in to reply
 
Inedo Website HomeSupport HomeCode of ConductForums GuideDocumentation