> GPG does not provide a way for APT to validate key lengths when the
signature is verified, so we did all we could do here.
Some pages, like https://launchpad.net/~fnu/+archive/ubuntu/main-fnu/
say "Signing key: 1024R" when you click on "Technical details about this
PPA". So launchpad clearly
Sign with two keys then, and try to tell people. After a period of time
you could disable the old key (ie no longer sign anything with it) - for
anyone who still hasn't updated their configuration their system will
still work, but instead of updates they would get errors. Then they
would update
Launchpad could *automatically* create a mirror of any PPA that still
uses a 1024 bit key, with a standard suffix to the name, eg xyzppa gets
mirrored as xyzppa-newkey. It could then link to it from the page for
the original PPA. It would always have all the same source, built files
and other
Updates usually run automatically in the background, including from
PPAs, and are unencrypted. This means a man-in-the-middle can gain root
access, just by inserting their own version of one of the packages into
this network traffic, because updates run as root. They can first obtain
the public
** Tags added: encryption needs-update security vulnerability
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1461834
Title:
1024-bit signing keys should be deprecated
Status
Public bug reported:
Pulseaudio 4.0 has a limit of 32 simultaneous streams, which may be
multiple instances of music/video players or multiple browser tabs. If
this limit is reached it is not obvious what is going on, there may be a
wrongly-worded error message like 'Init failed: Too large', it
In cases where the limit is not reached this is unlikely to make any
difference. In cases where the limit is reached, it is obviously a very
big improvement.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pulseaudio in
7 matches
Mail list logo