Dear Community
This is my first post and I hope this is the right place to post this.
I followed the instructions to install the Debian Repo for installing graylog-sidecar from here:
When doing apt update after installing the repo, I get:
apt update
Hit:1 http://ftp.ch.debian.org/debian trixie InRelease
Get:2 http://ftp.ch.debian.org/debian trixie-updates InRelease [47.3 kB]
Hit:3 http://security.debian.org/debian-security trixie-security InRelease
Get:4 https://packages.graylog2.org/repo/debian sidecar-stable InRelease [22.0 kB]
Err:4 https://packages.graylog2.org/repo/debian sidecar-stable InRelease
Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on 28AB6EB572779C2AD196BE22D44C1D8DB1606F22 is not bound: No binding signature at time 2026-03-09T16:30:25Z because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance because: SHA1 is not considered secure since 2026-02-01T00:00:00Z
Warning: OpenPGP signature verification failed: https://packages.graylog2.org/repo/debian sidecar-stable InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on 28AB6EB572779C2AD196BE22D44C1D8DB1606F22 is not bound: No binding signature at time 2026-03-09T16:30:25Z because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance because: SHA1 is not considered secure since 2026-02-01T00:00:00Z
Error: The repository 'https://packages.graylog2.org/repo/debian sidecar-stable InRelease' is not signed.
Notice: Updating from such a repository can't be done securely, and is therefore disabled by default.
Notice: See apt-secure(8) manpage for repository creation and user configuration details.
From what I know, newer gpg versions that come with Trixie consider SHA1 insecure. It appears that this needs to be fixed on the repo side.
Thanks,
Roman
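
An added example, not part of the original post: a shell function that reads `gpg --list-packets` output and lists signatures made with a SHA-1 or MD5 digest, so a repository key can be checked for the kind of binding signature the sqv message rejects (PositiveCertification is sigclass 0x13, digest algo 2 is SHA-1). The function name `weak_sigs`, the key file path and the sample packet dump are assumptions; the sample is constructed and is not the real Graylog key.

```shell
#!/bin/sh
# Added example: flag OpenPGP signatures that use a weak digest.
# Real usage (the key file path is a placeholder):
#   gpg --list-packets /path/to/repo-key.asc | weak_sigs

# Constructed sample shaped like `gpg --list-packets` output. The key ID is
# the tail of the fingerprint in the apt error; every other value is made up.
SAMPLE=':public key packet:
	version 4, algo 1, created 1400000000, expires 0
:user ID packet: "Example Repo Key <repo@example.invalid>"
:signature packet: algo 1, keyid D44C1D8DB1606F22
	version 4, created 1400000000, md5len 0, sigclass 0x13
	digest algo 2, begin of digest ab cd
:signature packet: algo 1, keyid D44C1D8DB1606F22
	version 4, created 1700000000, md5len 0, sigclass 0x13
	digest algo 10, begin of digest 12 34
'

# Print one line per signature whose digest algorithm is MD5 (1) or SHA-1 (2).
# Digest algorithm numbers follow RFC 4880 section 9.4.
weak_sigs() {
    awk '
    /^:signature packet:/   { keyid = $NF; class = "?" }   # issuer key ID
    /sigclass/              { class = $NF }                # e.g. 0x13, 0x18
    /^[ \t]*digest algo/ {
        algo = $3 + 0                                      # "2," -> 2
        if (algo == 1 || algo == 2)
            printf "%s sigclass=%s digest=%s\n",
                   keyid, class, (algo == 2 ? "SHA1" : "MD5")
    }'
}

# Run against the constructed sample so the script works offline.
printf '%s' "$SAMPLE" | weak_sigs
```

An empty result for a real key means none of its signatures use MD5 or SHA-1; a sigclass 0x13 or 0x18 line in the output points at a self-signature the key owner would have to reissue with a stronger digest.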