Replacing vscode.list with vscode.sources

What have you tried:

  • ran sudo rm /etc/apt/trusted.gpg.d/microsoft.gpg
  • ran wget -qO- https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | sudo tee /usr/share/keyrings/microsoft.gpg > /dev/null
  • stopped here: sudo nano /etc/apt/sources.list.d/vscode.list

I have no idea what to do next here. ChatGPT said to:

  • replace vscode.list with vscode.sources.
  • the entire code inside vscode.sources should be:

Types: deb
URIs: https://packages.microsoft.com/repos/code/
Suites: stable
Components: main
Architectures: amd64
Signed-By: /usr/share/keyrings/microsoft.gpg

  • And then next: Update your keyring if you haven’t already:

wget -qO- https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | sudo tee /usr/share/keyrings/microsoft.gpg > /dev/null

  • Update apt to verify if it worked:

sudo apt update

What is the error:

Warning : https://packages.microsoft.com/repos/code/dists/stable/InRelease: Policy will reject signature within a year, see --audit for details

  • Audit: https://packages.microsoft.com/repos/code/dists/stable/InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is:
    • Signing key on BC528686B50D79E339D3721CEB3E94ADBE1229CF is not bound:
      • No binding signature at time 2025-06-02T06:22:15Z
        • because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance
        • because: SHA1 is not considered secure since 2026-02-01T00:00:00Z

What device is this on:

kali
description: Convertible
product: HP Pavilion x360 Convertible 15-br1xx (2DT04UA#ABA)
vendor: HP
width: 64 bits
capabilities: smbios-3.0.0 dmi-3.0.0 smp vsyscall32
configuration: administrator_password=disabled boot=normal chassis=convertible family=103C_5335KV HP Pavilion sku= uuid=
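
A deb822 stanza like the one above can be linted before running apt update. This is an added example, not part of the original post and not an apt feature; check_sources, the temporary paths and the sample stanza are constructed for illustration, and it assumes https repositories and a path-style Signed-By.

```shell
#!/bin/sh
# Added example: lint one deb822 .sources stanza before running "apt update".
# check_sources is a hypothetical helper name, not an apt command.
check_sources() {
    file=$1
    problems=0
    # Fields used by the stanza on this page.
    for field in Types URIs Suites Components Signed-By; do
        if ! grep -q "^${field}:[[:space:]]*[^[:space:]]" "$file"; then
            echo "missing or empty field: $field"
            problems=$((problems + 1))
        fi
    done
    # Each URIs token must be a URL; pasted link text such as "Index of ..." fails.
    for uri in $(sed -n 's/^URIs:[[:space:]]*//p' "$file"); do
        case $uri in
            https://*) ;;
            *) echo "URIs token is not an https URL: $uri"
               problems=$((problems + 1)) ;;
        esac
    done
    # Signed-By given as a path must be readable, and a .gpg file must be
    # binary (dearmored); ASCII-armored keys belong in a .asc file.
    key=$(sed -n 's/^Signed-By:[[:space:]]*//p' "$file")
    case $key in
        /*)
            if [ ! -r "$key" ]; then
                echo "keyring not readable: $key"
                problems=$((problems + 1))
            elif [ "${key##*.}" = gpg ] && head -c 10 "$key" | grep -q '^-----BEGIN'; then
                echo "armored key stored with .gpg extension: $key"
                problems=$((problems + 1))
            fi ;;
    esac
    [ "$problems" -eq 0 ]
}

# Constructed sample: a stanza whose URIs value is link text, not a URL.
demo_dir=$(mktemp -d)
printf 'dummy-binary-key' > "$demo_dir/microsoft.gpg"   # stand-in, not a real key
cat > "$demo_dir/vscode.sources" <<EOF
Types: deb
URIs: Index of /repos/code/
Suites: stable
Components: main
Architectures: amd64
Signed-By: $demo_dir/microsoft.gpg
EOF
check_sources "$demo_dir/vscode.sources" || echo "stanza needs fixing"
```

A clean result only means the stanza is well formed; the SHA1 policy warning in the audit output concerns the binding signature on the key itself and is not changed by the file format.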

Should maybe change the name of your post, it has nothing whatsoever to do with your error. You really, really shouldn’t give a ■■■■ about what ChatGPT is whispering into your ear.

Your problem is that the repository you added has an untrusted PGP signature. Go to Microsoft and look for how to install their repos and the key correctly.

Or stop using vs code with all the Microsoft telemetry and phone home, and use codium instead, the version without all the crud in it…

Thanks for that one. Never heard of it before.

Okay I’m using vscodium, is there a way to get my themes, profiles, and extensions from vscode to there (vscodium)?

This might be related: https://www.reddit.com/r/debian/comments/1k956ku/policy_will_reject_signature_within_a_year/

As far as I’m aware, vscode just puts extensions etc. in a folder that is parsed at startup; it’s only Electron (web browser) based, so you should be able to move them.

On the VScode extensions website, if you choose ‘manual install’ you’ll have a link to the extension that you can download and install offline, that doesn’t rely on being connected to Microsoft.

I prefer the Zed editor. It was written by the people who originally created the editor that Microsoft bought out and turned into VSCode, and they do now have a Linux version, but it still relies on Vulkan, so AMD-based systems (it started off on Mac OSX). Unfortunately this means it won’t run in a VM version of Kali, as the emulated GPU isn’t up to the job.

Zed is written in Rust and is very fast!