Skip to content

sha1 not secure #1922

New issue
New issue
Open
Open
sha1 not secure#1922
@OrionRandD

Description

@OrionRandD
OrionRandD
opened on Feb 6, 2026

apt update does not update node repo anymore
I was OK 5 days ago...

Distribution Information:

Debian

Node Version:

node_25.x

To Reproduce
Steps to reproduce the behavior:

apt update does not update node repo anymore

Expected behavior

Refresh node repository

Screenshots

Additional context

sudo apt update

Hit:1 https://deb.debian.org/debian unstable InRelease
Get:2 https://deb.nodesource.com/node_25.x nodistro InRelease [10.6 kB]
Err:2 https://deb.nodesource.com/node_25.x nodistro InRelease
Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on 6F71F525282841EEDAF851B42F59B5F99B1BE0B4 is not bound: No binding signature at time 2026-02-03T15:06:09Z because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance because: SHA1 is not considered secure since 2026-02-01T00:00:00Z
Hit:3 https://packages.element.io/debian default InRelease
Hit:4 http://debug.mirrors.debian.org/debian-debug sid-debug InRelease
Hit:5 https://packages.siduction.org/extra unstable InRelease
Hit:6 https://packages.siduction.org/fixes unstable InRelease
Hit:7 https://dl.jami.net/stable/debian_testing jami InRelease
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. OpenPGP signature verification failed: https://deb.nodesource.com/node_25.x nodistro InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on 6F71F525282841EEDAF851B42F59B5F99B1BE0B4 is not bound: No binding signature at time 2026-02-03T15:06:09Z because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance because: SHA1 is not considered secure since 2026-02-01T00:00:00Z
W: Failed to fetch https://deb.nodesource.com/node_25.x/dists/nodistro/InRelease Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on 6F71F525282841EEDAF851B42F59B5F99B1BE0B4 is not bound: No binding signature at time 2026-02-03T15:06:09Z because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance because: SHA1 is not considered secure since 2026-02-01T00:00:00Z
W: Some index files failed to download. They have been ignored, or old ones used instead.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions