Debian 13 (APT/Sequoia) will reject Plex repo key after 2026-02-01 — “key not bound / SHA-1”

lordvader.deathstar.live · August 30, 2025, 11:24am

Server Version#:v1.42.1.10060-4e8b05daf
Player Version#: N/A

Hi Plex team,
On Debian 13 (APT with Sequoia), apt update --audit reports:
“Signing key CD665CBA0E2F88B7373F7CB997203C7B3ADCA79D is not bound… policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance… SHA1 is not considered secure since 2026-02-01.”
Could you please add a modern binding self-signature (e.g., SHA-256) to the repo key or rotate to a new key and re-sign the repository metadata? Otherwise APT will reject the repo after 2026-02-01. Thanks!

drinehart · August 30, 2025, 7:41pm

If you take time to search the forum you would find several threads on this already. For now, it is a non-issue.

ChuckPa · August 30, 2025, 8:55pm

This is known, acknowledged , on the task last for this year.

Not a factor.

Closing.

Topic		Replies	Views
Debian 13 GPG key is not bound, no binding signature at time + SHA1 Plex Media Server server-linux	8	892	November 8, 2025
Policy will reject signature Plex Media Server server-linux	5	292	November 27, 2025
Y'all need to update the debian repository signature Plex Media Server server-linux	2	101	September 10, 2025
Package repository's signing key does not meet security standards Plex Media Server server-linux	2	98	November 26, 2025
Debian 13 supported? Desktops & Laptops server-linux	11	1030	November 3, 2025

Debian 13 (APT/Sequoia) will reject Plex repo key after 2026-02-01 — “key not bound / SHA-1”

Related topics