I’m trying to use your Debian apt repo instructions, and I’m getting this warning:

Warning: https://download.sublimetext.com/apt/stable/InRelease: Policy will reject signature within a year, see --audit for details

When I use --audit flag as it suggests, I get

Warning: https://download.sublimetext.com/apt/stable/InRelease: Policy will reject signature within a year, see --audit for details
Audit: https://download.sublimetext.com/apt/stable/InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is:
   Signing key on 1EDDE2CDFC025D17F6DA9EC0ADAE6AD28A8F901A is not bound:
              primary key
     because: No binding signature at time 2025-05-13T05:32:15Z
     because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance
     because: SHA1 is not considered secure since 2026-02-01T00:00:00Z

This is on Debian/Testing, fully up to date.

Same as https://github.com/sublimehq/sublime_text/issues/6679 right?

And is this (https://github.com/sublimehq/sublime_text/issues/6666) a fix for the same thing or a different apt change?

So https://github.com/sublimehq/sublime_text/issues/6679 appears to be the same, yes.

https://github.com/sublimehq/sublime_text/issues/6666 is the instructions on https://www.sublimetext.com/docs/linux_repositories.html#apt which is what I used, that is giving this warning. So doesn’t seem to be the solution. I think it’s that the key is using SHA1, which isn’t considered secure, and so a policy is at a certain date it’ll disable validating it and cause errors.

No way to upvote issues, so: Bump.

Also seen after upgrading to Debian 13 (trixie) from Debian 12 (bookworm).

$ cat /etc/apt/sources.list.d/sublime-text.sources 
Types: deb
URIs: https://download.sublimetext.com/
Suites: apt/dev/
Signed-By: /etc/apt/keyrings/sublimehq-pub.asc

Debian 13 started to give the same warnings.
Sublime HQ, please upgrade the signing keys to SHA2/SHA256.

Why can’t this issue be fixed? People are complaining in https://github.com/sublimehq/sublime_text/issues/6679

FTR, according to the related GH issue(s) there is a new key available:

Yup, can confirm, as per https://github.com/sublimehq/sublime_text/issues/6679#issuecomment-3484182472, it’s working. Need to follow the linked instructions to import the new key, and then also (not stated in the comment) to reload the apt repo config to point to the new key, then all works.