APT will consider Elastic repositories invalid soon

Jeremy_Lecour · January 9, 2026, 7:00am

Hi,

On Debian 13+, apt will soon consider Elastic repository invalid

Warning: https://artifacts.elastic.co/packages/8.x/apt/dists/stable/InRelease: Policy will reject signature within a year, see --audit for details
      because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance
      because: SHA1 is not considered secure since 2026-02-01T00:00:00Z

It seems that something should be done quite soon to prevent breakage.

I’ve searched for a GitHub repository to report this more formally, but it doesn’t seem specially related to either of the stack components and I didn’t find a suitable repository.

Jeremy_Lecour · January 9, 2026, 9:19am

This is related to this Sequoia policy config :

Topic		Replies	Views
Apt raises warning for repo on Debian 13 Elasticsearch	0	498	September 3, 2025
Fixing Debian Repository? Elasticsearch	6	3311	July 5, 2017
Workaround for broken pgp signature on es 1.7.6 debian repo Elasticsearch	1	1609	August 30, 2019
Elastic artifacts repository missing last release Elasticsearch	4	304	February 22, 2024
The repository 'https://artifacts.elastic.co/packages/6.x/apt stable Release' does not have a Release file Elasticsearch	1	1770	November 9, 2020

APT will consider Elastic repositories invalid soon

Related topics