Policy will reject signature

Server Version#: 1.42.2.10156

Good morning, when I go to perform the update, I get the following warning:
warning: https://downloads.plex.tv/repo/deb/dists/public/InRelease: Policy will reject signature within a year, see --audit for details

How can I fix the problem?

No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 13 (trixie)
Release: 13
Codename: trixie

3 Likes

Yes, I am also waiting for Plex to fix this. I think Debian will reject the key in early 2026, aka 2026-02-01.

Audit: https://downloads.plex.tv/repo/deb/dists/public/InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is:
   Signing key on CD...9D is not bound:
              No binding signature at time 2025-09-22T18:33:03Z
     because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance
     because: SHA1 is not considered secure since 2026-02-01T00:00:00Z
1 Like

@ChuckPa Any chance you can get someone to answer this question?

1 Like

Not trying to be a nag but that's 67 days from today.
Not including any time off, so that's FAST approaching.

1 Like

@dbirch

Good thing you’re not my wife :stuck_out_tongue: ROFL ROFL

There is a lot going on internally about this.

Prior to the certificates being updated, other work MUST be completed.

That’s the priority right now.

I know the cert is important but, compared to the other work, it’s trivial (create a certificate, publish the public part, start signing builds with it).

It will get done. Don’t worry. It might be a photo finish but it’ll make it.

Debian 13.2 here. apt output:

Warning: https://downloads.plex.tv/repo/deb/dists/public/InRelease: Policy will reject signature within a year, see --audit for details
Audit: https://downloads.plex.tv/repo/deb/dists/public/InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is:
   Signing key on CD665CBA0E2F88B7373F7CB997203C7B3ADCA79D is not bound:
              No binding signature at time 2025-09-22T18:33:03Z
     because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance
     because: SHA1 is not considered secure since 2026-02-01T00:00:00Z
1 Like

same problem

1 Like

Same issue here:

Looks like Debian 13 enforced no more SHA-1 on 01FEB2026

“SHA1 is not considered secure since 2026-02-01T00:00:00”

I think we need new GPG keys that are not SHA-1? Is there an updated key yet?

Warning: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. OpenPGP signature verification failed: https://downloads.plex.tv/repo/deb public InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on CD665CBA0E2F88B7373F7CB997203C7B3ADCA79D is not bound: No binding signature at time 2025-09-22T18:33:03Z because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance because: SHA1 is not considered secure since 2026-02-01T00:00:00Z
Warning: Failed to fetch https://downloads.plex.tv/repo/deb/dists/public/InRelease Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on CD665CBA0E2F88B7373F7CB997203C7B3ADCA79D is not bound: No binding signature at time 2025-09-22T18:33:03Z because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance because: SHA1 is not considered secure since 2026-02-01T00:00:00Z

3 Likes

Any update @ChuckPa?

Thank you

1 Like

I am out of that loop.

The build team and engineering are handling the construction of the new repo, putting the new GPG key (which is tested and works well with RPMs) out, and setting up a new DEB repo.

They will be doing the updated packages. I am no longer involved.

Any updates from the Plex team? Apt updates have been throwing warning messages for months. I am a bit surprised that this wasn’t addressed prior to 2/1/26, and even more shocked it has remained broken for multiple days.

Is there an ETA?

2 Likes

I agree this is shocking. There has been a warning for many months now, and promises that it was being addressed.

3 Likes

This is shockingly late for a trivial change. All they needed to do was generate a new secret key with a safe algorithm for their repo and give us the gpg (public key) for it to replace our existing one.

7 Likes

Well well well
 I guess it is time to leave the ship :frowning:

2 Likes

Still waiting for an update. How has this taken this long, when Plex has known about it for more than a year?

“I am out of that loop.”

“I am no longer involved.”

Sounds like whoever is attempting to take over your job is incompetent.

1 Like

Plex Support, please advise how to fix this error?

Get:6 https://downloads.plex.tv/repo/deb public InRelease [6,685 B]
Err:6 https://downloads.plex.tv/repo/deb public InRelease
Sub-process /usr/bin/sqv returned an error code (1), error message is: Missing key 97203C7B3ADCA79D, which is needed to verify signature.
Warning: OpenPGP signature verification failed: https://downloads.plex.tv/repo/deb public InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is: Missing key 97203C7B3ADCA79D, which is needed to verify signature.
Error: The repository ‘https://downloads.plex.tv/repo/deb public InRelease’ is not signed.
Notice: Updating from such a repository can’t be done securely, and is therefore disabled by default.
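
Added example (not part of any post in this thread and not Plex or Debian tooling): a small triage script that reads apt output in the two shapes quoted above, the weak-hash binding failure and the missing-key failure, and reports per repository which key sqv objected to and how long the warning period has left. The function names `parse_findings` and `verdict` and the embedded sample are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample: apt/sqv messages in the two shapes quoted in this thread.
SAMPLE = """\
Audit: https://downloads.plex.tv/repo/deb/dists/public/InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is:
   Signing key on CD665CBA0E2F88B7373F7CB997203C7B3ADCA79D is not bound:
              No binding signature at time 2025-09-22T18:33:03Z
     because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance
     because: SHA1 is not considered secure since 2026-02-01T00:00:00Z
Warning: OpenPGP signature verification failed: https://downloads.plex.tv/repo/deb public InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is: Missing key 97203C7B3ADCA79D, which is needed to verify signature.
"""

RECORD_START = re.compile(r"^(?:Audit|Warning|Error|Notice):\s", re.I)

def parse_findings(text):
    """Join indented continuation lines, then extract what sqv objected to."""
    records, current = [], None
    for line in text.splitlines():
        if RECORD_START.match(line):
            current = [line.strip()]
            records.append(current)
        elif line[:1].isspace() and current is not None:
            current.append(line.strip())
        else:
            current = None  # unrelated apt output ends the record
    findings = []
    for rec in (" ".join(r) for r in records):
        url = re.search(r"https?://\S+", rec)
        unbound = re.search(r"Signing key on ([0-9A-F]+) is not bound", rec)
        missing = re.search(r"Missing key ([0-9A-F]+)", rec)
        weak = re.search(r"because: (\S+) is not considered secure since (\S+)", rec)
        if not url or not (unbound or missing):
            continue
        cutoff = None
        if weak:  # policy cutoff is printed in UTC ("Z")
            cutoff = datetime.strptime(weak.group(2), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        findings.append({"repo": url.group().rstrip(":"),
                         "key": (unbound or missing).group(1),
                         "reason": "missing-key" if missing else "weak-hash" if weak else "unbound",
                         "algo": weak.group(1) if weak else None, "cutoff": cutoff})
    return findings

def verdict(finding, now):
    """'rejected' once the policy cutoff has passed, else days of warning left."""
    if finding["cutoff"] is None or now >= finding["cutoff"]:
        return "rejected"
    return f"{(finding['cutoff'] - now).days} days until rejected"
```

Feed it the captured output of the apt run that produced the warning, with `now` set to `datetime.now(timezone.utc)`; a `weak-hash` finding means the key's own binding signature has to be reissued by the repository owner, which no client-side setting replaces.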

The fix is in the other thread

1 Like

Good morning, today I received an email from Plex support with a link to an article on how to resolve the issue with repositories and the key, and by following the procedure, the problem is solved.
Below I leave the link to the article:

https://support.plex.tv/articles/235974187-enable-repository-updating-for-supported-linux-server-distributions/