Update to more secure hash algorithm used by the signing key of the repos

Heads up: apt deprecates SHA1 signatures in 2026. Unfortunately, the repositories still use SHA1 in their signing key, so an update is necessary. This concerns all PureOS releases, AFAIK.

I already get this warning:

Warning: https://repo.pureos.net/pureos/dists/<DISTRO_VERSION>/InRelease: Policy will reject signature within a year, see --audit for details

Audit gives me the following deadline: 2026-02-01T00:00:00Z. After that, SHA1 keys will be rejected.

@PurismSupport

5 Likes
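To see which digest algorithm a key or signature actually names, the sketch below (an added example, not code from this thread, from Purism or from apt) walks OpenPGP packets and reports the hash id stored in each signature packet. It accepts binary data such as `gpg --export` output, or an armored block passed through `dearmor()` first. `SAMPLE` is constructed for illustration and holds header fields only.

```python
import base64

# OpenPGP hash algorithm ids (RFC 4880, section 9.4)
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}

def dearmor(text):
    """Decode the ASCII-armored block in text (skips clearsigned content)."""
    body, inside, in_headers = [], False, False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("-----BEGIN PGP ") and "SIGNED MESSAGE" not in line:
            inside = in_headers = True
        elif line.startswith("-----END PGP "):
            inside = False
        elif inside and in_headers:
            in_headers = line != ""            # armor headers end at the blank line
        elif inside and not line.startswith("="):  # "=" begins the CRC24 line
            body.append(line)
    return base64.b64decode("".join(body))

def packets(data):
    """Yield (tag, body) per packet, for old- and new-format headers."""
    i = 0
    while i < len(data):
        first, i = data[i], i + 1
        if first & 0x40:                       # new-format header
            tag, o, i = first & 0x3F, data[i], i + 1
            if o < 192:
                length = o
            elif o < 224:
                length, i = ((o - 192) << 8) + data[i] + 192, i + 1
            elif o == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths are not handled")
        else:                                  # old-format header
            tag, n = (first >> 2) & 0x0F, (1, 2, 4, 0)[first & 3]
            length, i = (int.from_bytes(data[i:i + n], "big") if n else len(data) - i), i + n
        yield tag, data[i:i + length]
        i += length

def signature_hashes(data):
    """Digest algorithm named in each signature packet (tag 2)."""
    ids = [b[16] if b[0] == 3 else b[3] for t, b in packets(data) if t == 2]
    return [HASH_NAMES.get(h, f"id {h}") for h in ids]

# Constructed sample (header fields only, not a verifiable key or signature)
SAMPLE = (b"\x98\x03\x04\x00\x00"                   # dummy public-key packet (tag 6)
          b"\x88\x0a\x04\x13\x01\x02" + bytes(6) +  # old-format header, v4 sig, hash id 2
          b"\xc2\x0a\x04\x13\x01\x0a" + bytes(6))   # new-format header, v4 sig, hash id 10
```

`signature_hashes(SAMPLE)` returns `["SHA1", "SHA512"]`; any `SHA1` entry in the output for a real key or signature marks the one to look at.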

Is that maybe x86 only? I don’t recall seeing any complaints on the Librem 5.

(I guess onwards and upwards though, and it will eventually be the same on the Librem 5.)

The internet says that you can override this rejection temporarily if you have to, but obviously it would be less hassle for customers if Purism upgraded the signature algorithm before 1 Feb.

@praveen.arimbrathodi ?

1 Like

Nope. Just me being on a more recent apt version (namely the one to be found in dawn (yes, yes, yes, beta, I know)). Even if older apt versions don’t complain, it is still a security issue. Version 2.9.19 of apt has these changes regarding secure signing algorithms. See here: apt/debian/changelog at main · Debian/apt · GitHub

3 Likes

OK. Well, as I implied, it will eventually be the same for everyone else on the Librem 5.

2 Likes