hi,
In newer versions of apt, the current syncthing repository is rejected with the following error message:
Get:2 https://apt.syncthing.net syncthing InRelease [24.2 kB]
Err:2 https://apt.syncthing.net syncthing InRelease
Sub-process /usr/bin/sqv returned an error code (1), error message is: Missing key FBA2E162F2F44657B38F0309E5665F9BD5970C47, which is needed to verify signature. Signing key on 37C84554E7E0A261E4F76E1ED26E6ED000654A3E is not bound: No binding signature at time 2026-01-31T01:39:55Z because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance because: SHA1 is not considered secure since 2026-02-01T00:00:00Z
Warning: OpenPGP signature verification failed: https://apt.syncthing.net syncthing InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is: Missing key FBA2E162F2F44657B38F0309E5665F9BD5970C47, which is needed to verify signature. Signing key on 37C84554E7E0A261E4F76E1ED26E6ED000654A3E is not bound: No binding signature at time 2026-01-31T01:39:55Z because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance because: SHA1 is not considered secure since 2026-02-01T00:00:00Z
Error: The repository 'https://apt.syncthing.net syncthing InRelease' is not signed.
Is it possible to get the apt repository signed with a new GPG key using modern hashing algorithms?