- DietPi version
  G_DIETPI_VERSION_CORE=9
  G_DIETPI_VERSION_SUB=16
  G_DIETPI_VERSION_RC=3
  G_GITBRANCH='master'
  G_GITOWNER='MichaIng'
  G_LIVE_PATCH_STATUS[0]='applied'
  G_LIVE_PATCH_STATUS[1]='applied'
- Distro version
  trixie 0
- Kernel version
  Linux DietPi 6.12.34+rpt-rpi-v8 #1 SMP PREEMPT Debian 1:6.12.34-1+rpt1~bookworm (2025-06-26) aarch64 GNU/Linux
- Architecture
  arm64
- SBC model
  RPi 4 Model B (aarch64)
- Power supply used
  original
- SD card used
  SanDisk ultra

Hi everyone,
after updating to DietPi v9.16 on RPi4 (Debian Trixie, kernel 6.12.34, arm64), running apt update --audit gives several warnings.
apt update --audit
Hit:1 https://deb.debian.org/debian trixie InRelease
Hit:2 https://deb.debian.org/debian trixie-updates InRelease
Hit:3 https://download.docker.com/linux/debian trixie InRelease
Hit:4 https://deb.debian.org/debian-security trixie-security InRelease
Hit:5 https://deb.debian.org/debian trixie-backports InRelease
Hit:6 https://archive.raspberrypi.com/debian trixie InRelease
Hit:7 https://dietpi.com/apt trixie InRelease
Hit:8 https://dietpi.com/apt all InRelease
All packages are up to date.
Warning: https://archive.raspberrypi.com/debian/dists/trixie/InRelease: Policy will reject signature within a year, see --audit for details
Audit: https://archive.raspberrypi.com/debian/dists/trixie/InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is:
Signing key on CF8A1AF502A2AA2D763BAE7E82B129927FA3303E is not bound:
No binding signature at time 2025-09-05T12:46:49Z
because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance
because: SHA1 is not considered secure since 2026-02-01T00:00:00Z
Audit: The sources.list(5) entry for 'https://deb.debian.org/debian' should be upgraded to deb822 .sources
Audit: Missing Signed-By in the sources.list(5) entry for 'https://deb.debian.org/debian'
Audit: The sources.list(5) entry for 'https://deb.debian.org/debian' should be upgraded to deb822 .sources
Audit: Missing Signed-By in the sources.list(5) entry for 'https://deb.debian.org/debian'
Audit: The sources.list(5) entry for 'https://deb.debian.org/debian-security' should be upgraded to deb822 .sources
Audit: Missing Signed-By in the sources.list(5) entry for 'https://deb.debian.org/debian-security'
Audit: The sources.list(5) entry for 'https://deb.debian.org/debian' should be upgraded to deb822 .sources
Audit: Missing Signed-By in the sources.list(5) entry for 'https://deb.debian.org/debian'
Audit: The sources.list(5) entry for 'https://dietpi.com/apt' should be upgraded to deb822 .sources
Audit: Missing Signed-By in the sources.list(5) entry for 'https://dietpi.com/apt'
Audit: The sources.list(5) entry for 'https://dietpi.com/apt' should be upgraded to deb822 .sources
Audit: Missing Signed-By in the sources.list(5) entry for 'https://dietpi.com/apt'
Audit: The sources.list(5) entry for 'https://download.docker.com/linux/debian' should be upgraded to deb822 .sources
Audit: Missing Signed-By in the sources.list(5) entry for 'https://download.docker.com/linux/debian'
Audit: The sources.list(5) entry for 'https://archive.raspberrypi.com/debian' should be upgraded to deb822 .sources
Audit: Missing Signed-By in the sources.list(5) entry for 'https://archive.raspberrypi.com/debian'
Audit: Consider migrating all sources.list(5) entries to the deb822 .sources format
Audit: The deb822 .sources format supports both embedded as well as external OpenPGP keys
Audit: See apt-secure(8) for best practices in configuring repository signing.
Audit: Some sources can be modernized. Run 'apt modernize-sources' to do so.
The system works and updates are applied correctly, but I’d like to clarify:
- Do I need to take immediate action, or are these just future warnings?
- Should I already convert the repositories to the .sources format using apt modernize-sources?
- Regarding the Raspberry Pi SHA1 key, should I wait for an upstream update, or is there a manual workaround?
Thanks in advance for any guidance.
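
An added example, not part of the original post and not DietPi or APT code: a Python triage script that groups the `apt update --audit` messages above by repository, collapses the repeated lines, and extracts the key fingerprint and the cutoff date reported by sqv. The function name `triage`, the finding labels and the embedded sample (lines copied from the output above) are this example's own.

```python
import re
import sys
from collections import defaultdict

# Sample lines copied from the output in the post above (a shortened set).
SAMPLE = """\
Warning: https://archive.raspberrypi.com/debian/dists/trixie/InRelease: Policy will reject signature within a year, see --audit for details
Audit: https://archive.raspberrypi.com/debian/dists/trixie/InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is:
Signing key on CF8A1AF502A2AA2D763BAE7E82B129927FA3303E is not bound:
because: SHA1 is not considered secure since 2026-02-01T00:00:00Z
Audit: The sources.list(5) entry for 'https://deb.debian.org/debian' should be upgraded to deb822 .sources
Audit: Missing Signed-By in the sources.list(5) entry for 'https://deb.debian.org/debian'
Audit: Missing Signed-By in the sources.list(5) entry for 'https://deb.debian.org/debian'
Audit: Missing Signed-By in the sources.list(5) entry for 'https://archive.raspberrypi.com/debian'
"""

ENTRY = re.compile(r"^Audit: (The|Missing Signed-By in the) sources\.list\(5\) entry for '([^']+)'")
POLICY = re.compile(r"^Warning: (\S+)/dists/\S+: Policy will reject signature")
KEY = re.compile(r"^\s*Signing key on ([0-9A-F]{40}) is not bound")
CUTOFF = re.compile(r"(\w+) is not considered secure since (\S+)")

def triage(text):
    """Group audit messages per repository URL; duplicate lines collapse."""
    repos = defaultdict(lambda: {"findings": set(), "key": None, "cutoff": None})
    current = None  # repository that the sqv error block being read belongs to
    for line in text.splitlines():
        if m := POLICY.match(line):
            current = m.group(1)
            repos[current]["findings"].add("signature-policy")
        elif m := ENTRY.match(line):
            current = None  # a sources.list notice ends any sqv error block
            kind = "missing-signed-by" if m.group(1).startswith("Missing") else "not-deb822"
            repos[m.group(2)]["findings"].add(kind)
        elif current and (m := KEY.match(line)):
            repos[current]["key"] = m.group(1)
        elif current and (m := CUTOFF.search(line)):
            repos[current]["cutoff"] = (m.group(1), m.group(2))
    return dict(repos)

if __name__ == "__main__":
    # Read piped apt output if present, otherwise fall back to the sample.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for url, info in sorted(triage(data).items()):
        print(url, sorted(info["findings"]), info["key"], info["cutoff"])
```

To run it on a live system, pipe the real output in, for example `apt update --audit 2>&1 | python3 triage.py` (the file name is a placeholder).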