Signing Key Insecure?
The Tor team is using at least 3 message-digest algorithms (SHA256, SHA1, MD5), some of them, SHA1 and MD5 are not considered secure.
view-source:https://deb.torproject.org/torproject.org/dists/trixie/InRelease
Package manager APT said “Policy will reject signature within a year, see --audit for details”