SHA1 Key signature warnings in Debian build for releases 3.x

[linqigang888]

I am the Debian maintainer for easy-rsa. While building the latest release, I received the following output:

dpkg-source: info: using source format '3.0 (quilt)'
dpkg-source: info: verifying ./easy-rsa_3.1.5.orig.tar.gz.asc
gpgv: Signature made Sat 10 Jun 2023 08:58:15 PM +07
gpgv:                using RSA key C8FCA3E7F787072CDEB91D2F72964219390D0D0E
gpgv: Note: signatures using the SHA1 algorithm are rejected
gpgv: WARNING: signing subkey 72964219390D0D0E has an invalid cross-certification
gpgv: Can't check signature: General error
dpkg-source: warning: cannot verify upstream tarball signature for ./easy-rsa_3.1.5.orig.tar.gz: no acceptable signature found

I took the latest public key from here and the .tgz and .tgz.sig from here. Could you look into the issues with cross-certification and SHA1?