Passing -v gpgv: Signature made Tue May 27 11:39:13 2025 +02:00 gpgv: using RSA key 4A3CE3CD565D7EB5C810E2B97FF3F408476CF100 gpgv: Can't check signature: Bad public key Signing key on 4A3CE3CD565D7EB5C810E2B97FF3F408476CF100 is not bound: gpgv: error: No binding signature at time 2025-05-27T09:39:13Z gpgv: because: Policy rejected non-revocation signature (PositiveCertification) requiring collision resistance gpgv: because: SHA1 is not considered secure since 2013-02-01T00:00:00Z
The subkey is only signed with SHA-1 and should be signed with SHA-512, the key owner needs to --edit-key and change expiry to resign it For the APT issue, please open a separate bug and run apt dist-upgrade --solver internal -o Dir::Log::Solver=/path/to/file.edsp.xz to create a solver dump and add it to a new bug (it may also create its own bug report then as the solution is worse than the old solver). This may be fixed by the APT in proposed, I don't have a handy reproducer, my lxd image is not old enough. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2111790 Title: gpgv-sq breaks verifying signed simplestreams data To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-images/+bug/2111790/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
