geier

I can't believe it. Someone actually tackled the problem. And successfully, too! An update was released immediately: [UPGRADE] enpass:amd64 6.11.12.1953 -> 6.11.13.1957.It would be helpful if the key were installed directly in the correct directory. Here's how to do it without sudo: # curl -fsSL "https://apt.enpass.io/keys/enpass-linux.key" | gpg --quiet --dearmor | tee /usr/share/keyrings/enpass.gpg >/dev/nulland the source in the new DEB822 format: ~$ cat /etc/apt/sources.list.d/enpass.sources Types: deb URIs: https://apt.enpass.io/ Suites: stable Components: main Signed-By: /usr/share/keyrings/enpass.gpg

I don't know what the problems are. With another program, the developer needed two days before a new key was made available to the community. Perhaps the technical team is also wondering how to get the "upcoming" release (really??) if apt refuses to read the repository. As I said, I've been using Enpass for many years and I'm happy with it. I'm also willing to pay for it. But not if the money goes into "nirvana" because I can't access the repository. Why don't you release a binary that can be installed if the valid key is causing these problems?

You should be honest enough to admit that there is no longer a technical team. The DEB822 issue has been known here for a year. There has been no change. Nor the question about a valid key for the repository. Same old story: It gets reported to whatever team, blah blah blah. See here: https://discussion.enpass.io/index.php?/topic/31740-policy-will-reject-signature-within-a-year/ Now the situation is such that you can no longer install Enpass from the repository and you don't receive any updates.

I'd like to second that. It's unacceptable that this problem has been known for eight months and no one feels responsible for fixing it. All we get from support is blah blah blah. I've been using Empass for many years under Debian and I'm happy with it. I'd even pay for the Linux version, but not under these conditions. For a password manager, I expect the generally accepted rules to be followed. But that doesn't seem to matter to you. I'll wait a while longer, but then I'll switch programs, I'm sorry to say. Error message Warnung: Während der Überprüfung der Signatur trat ein Fehler auf. Das Depot wurde nicht aktualisiert und die vorherigen Indexdateien werden verwendet. OpenPGP-Signaturüberprüfung fehlgeschlagen: https://apt.enpass.io stable InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on B6DA722E2E65721AF54B93966F7565879798C2FC is not bound: No binding signature at time 2025-07-28T06:45:22Z because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance because: SHA1 is not considered secure since 2026-02-01T00:00:00Z

Debian starts to switch to the DEB822 format (Sid) I use Testing. I have already converted the Debian and some other repos. According to this scheme, the entry for enpass should read as follows: Types: deb URIs: https://apt.enpass.io/ Suites: stable Components: main Enabled: yes Signed-By: /etc/apt/trusted.gpg.d/enpass.asc I saved this in /etc/apt/sources.list.d/enpass.sources. apt update does not produce any error message OK:6 https://apt.enpass.io stable InRelease from apt-listchanges: It would be nice if you could publish a gpg key for /usr/share/keyrings