[Touch-packages] [Bug 1461834] Re: 1024-bit signing keys should be deprecated

> GPG does not provide a way for APT to validate key lengths when the signature is verified, so we did all we could do here. Some pages, like https://launchpad.net/~fnu/+archive/ubuntu/main-fnu/ say "Signing key: 1024R" when you click on "Technical details about this PPA". So launchpad clearly

[Touch-packages] [Bug 1461834] Re: 1024-bit signing keys should be deprecated

Sign with two keys then, and try to tell people. After a period of time you could disable the old key (ie no longer sign anything with it) - for anyone who still hasn't updated their configuration their system will still work, but instead of updates they would get errors. Then they would update

[Touch-packages] [Bug 1461834] Re: 1024-bit signing keys should be deprecated

Launchpad could *automatically* create a mirror of any PPA that still uses a 1024 bit key, with a standard suffix to the name, eg xyzppa gets mirrored as xyzppa-newkey. It could then link to it from the page for the original PPA. It would always have all the same source, built files and other

[Touch-packages] [Bug 1461834] Re: 1024-bit signing keys should be deprecated

Updates usually run automatically in the background, including from PPAs, and are unencrypted. This means a man-in-the-middle can gain root access, just by inserting their own version of one of the packages into this network traffic, because updates run as root. They can first obtain the public

[Touch-packages] [Bug 1461834] Re: 1024-bit signing keys should be deprecated

** Tags added: encryption needs-update security vulnerability -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1461834 Title: 1024-bit signing keys should be deprecated Status

[Touch-packages] [Bug 1492404] [NEW] Backport limit increase for pulseaudio number of streams

Public bug reported: Pulseaudio 4.0 has a limit of 32 simultaneous streams, which may be multiple instances of music/video players or multiple browser tabs. If this limit is reached it is not obvious what is going on, there may be a wrongly-worded error message like 'Init failed: Too large', it

[Touch-packages] [Bug 1492404] Re: Backport limit increase for pulseaudio number of streams

In cases where the limit is not reached this is unlikely to make any difference. In cases where the limit is reached, it is obviously a very big improvement. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pulseaudio in