Child Item

Ubuntu Plucky - Policy will reject signature within a year

warning: https://linux.dropbox.com/ubuntu/dists/plucky/Release.gpg: Policy will reject signature within a year, see --audit for details
Control: https://linux.dropbox.com/ubuntu/dists/plucky/Release.gpg: Sub-process /usr/bin/sqv returned an error code (1), error message is:
Signing key on 1C61A2656FB57B7E4DE0F4C1FC918B335044912E is not bound:
No binding signature at time 2025-05-30T19:08:44Z
because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance
because: SHA1 is not considered secure since 2026-02-01T00:00:00Z
--

Ubuntu Plucky is stable enough to support Dropbox, update signature PLEASE!!!!!!

André

Find more posts tagged with

Desktop

Install

Linux

Insightful

Comments

Walter

Hey @Verwijs - thanks for bringing this to our attention.

Can you please clarify if you're having a particular issue with the Dropbox desktop app on your computer at the moment or if this is just a heads-up for our team?

Any additional information or even screenshots are more than welcome!

Nancy

Sorry for the nudge here, @Verwijs.

I just wanted to make sure that you don’t need further help with the above.

If you do, please let us know.

HKnox

I am having the same issue with Debian forky:

W: Failed to fetch http://linux.dropbox.com/debian/dists/trixie/InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on 1C61A2656FB57B7E4DE0F4C1FC918B335044912E is not bound: No binding signature at time 2026-01-08T18:18:04Z because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance because: SHA1 is not considered secure since 2026-02-01T00:00:00Z

W: Some index files failed to download. They have been ignored, or old ones used instead

Using SHA1 for the signing key is no longer allowed for Debian. I will not be the only person with this issue!

HKnox

I found a solution:

The following assume you are in /etc/apt/keyrings/ (ie, cd /etc/apt/keyrings)

Get the current Dropbox keyring:
sudo curl -s linux.dropbox.com/fedora/rpm-public-key.asc | sudo tee dropbox-current.asc

Convert to .gpg:
sudo gpg --dearmor dropbox-current.asc
This leaves dropbox-current.gpg in /etc/apt/keyrings

Update /etc/apt/sources.list.d/dropbox.sources to ensure it includes the following line:
Signed-By: /etc/apt/keyrings/dropbox-current.gpg

(The entire dropbox.sources file:

Types: deb
URIs: http://linux.dropbox.com/debian/
Suites: trixie
Components: main
Signed-By: /etc/apt/keyrings/dropbox-current.gpg

)