Ubuntu Plucky - Policy will reject signature within a year

I found a solution:

The following assume you are in /etc/apt/keyrings/ (ie, cd /etc/apt/keyrings)

Get the current Dropbox keyring:
sudo curl -s linux.dropbox.com/fedora/rpm-public-key.asc | sudo tee dropbox-current.asc

Convert to .gpg:
sudo gpg --dearmor dropbox-current.asc
This leaves dropbox-current.gpg in /etc/apt/keyrings

Update /etc/apt/sources.list.d/dropbox.sources to ensure it includes the following line:
Signed-By: /etc/apt/keyrings/dropbox-current.gpg

(The entire dropbox.sources file:

Types: deb
URIs: http://linux.dropbox.com/debian/
Suites: trixie
Components: main
Signed-By: /etc/apt/keyrings/dropbox-current.gpg

)

I am having the same issue with Debian forky: 

W: Failed to fetch http://linux.dropbox.com/debian/dists/trixie/InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on 1C61A2656FB57B7E4DE0F4C1FC918B335044912E is not bound: No binding signature at time 2026-01-08T18:18:04Z because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance because: SHA1 is not considered secure since 2026-02-01T00:00:00Z

W: Some index files failed to download. They have been ignored, or old ones used instead

Using SHA1 for the signing key is no longer allowed for Debian. I will not be the only person with this issue!

Sorry for the nudge here, Verwijs. 

I just wanted to make sure that you don’t need further help with the above. 

If you do, please let us know.

Hey Verwijs - thanks for bringing this to our attention.

Can you please clarify if you're having a particular issue with the Dropbox desktop app on your computer at the moment or if this is just a heads-up for our team?

Any additional information or even screenshots are more than welcome!