Re: Bumping apt RSA key length requirements to 3072-bit (2048 w/ warning) for 24.04

2024-01-24 Thread Michael Hudson-Doyle
On Wed, 24 Jan 2024 at 20:48, Adrien Nader wrote: > On Wed, Jan 24, 2024, Michael Hudson-Doyle wrote: > > On Tue, 23 Jan 2024 at 02:31, Jeremy Bícha > > wrote: > > > > > On Mon, Jan 22, 2024 at 7:36 AM Dimitri John Ledkov > > > wrote: > > > > > Sadly shipping this in 24.04 means that PPAs

Re: Bumping apt RSA key length requirements to 3072-bit (2048 w/ warning) for 24.04

2024-01-24 Thread Jeremy Bícha
On Wed, Jan 24, 2024 at 2:48 AM Adrien Nader wrote: > > On Wed, Jan 24, 2024, Michael Hudson-Doyle wrote: > > On Tue, 23 Jan 2024 at 02:31, Jeremy Bícha > > wrote: > > > > > On Mon, Jan 22, 2024 at 7:36 AM Dimitri John Ledkov > > > wrote: > > > > > Sadly shipping this in 24.04 means that PPAs

Re: Bumping apt RSA key length requirements to 3072-bit (2048 w/ warning) for 24.04

2024-01-24 Thread Adrien Nader
On Wed, Jan 24, 2024, Michael Hudson-Doyle wrote: > On Tue, 23 Jan 2024 at 02:31, Jeremy Bícha > wrote: > > > On Mon, Jan 22, 2024 at 7:36 AM Dimitri John Ledkov > > wrote: > > > > Sadly shipping this in 24.04 means that PPAs owned by user > > > > accounts created prior to 2014-03-11[3] until

Re: Bumping apt RSA key length requirements to 3072-bit (2048 w/ warning) for 24.04

2024-01-23 Thread Michael Hudson-Doyle
On Tue, 23 Jan 2024 at 02:31, Jeremy Bícha wrote: > On Mon, Jan 22, 2024 at 7:36 AM Dimitri John Ledkov > wrote: > > > Sadly shipping this in 24.04 means that PPAs owned by user > > > accounts created prior to 2014-03-11[3] until the key rotation > > > mechanism(s) [4][5] have been implemented.

Re: Bumping apt RSA key length requirements to 3072-bit (2048 w/ warning) for 24.04

2024-01-23 Thread Brian Murray
On Thu, Jan 18, 2024 at 07:01:48PM +0100, Julian Andres Klode wrote: > Hi, > > we just noticed again that we are still trusting 1024R keys for > signing repositories in APT, arguably because we do not have a > means to tell gpgv the minimum key size. > > While the upstream bug[0] is being worked

Re: Bumping apt RSA key length requirements to 3072-bit (2048 w/ warning) for 24.04

2024-01-22 Thread Jeremy Bícha
On Mon, Jan 22, 2024 at 7:36 AM Dimitri John Ledkov wrote: > > Sadly shipping this in 24.04 means that PPAs owned by user > > accounts created prior to 2014-03-11[3] until the key rotation > > mechanism(s) [4][5] have been implemented. > > > > I do wonder how many active old PPA owners remain in

Re: Bumping apt RSA key length requirements to 3072-bit (2048 w/ warning) for 24.04

2024-01-22 Thread Dimitri John Ledkov
Hi, On Thu, 18 Jan 2024 at 18:02, Julian Andres Klode wrote: > > Hi, > > we just noticed again that we are still trusting 1024R keys for > signing repositories in APT, arguably because we do not have a > means to tell gpgv the minimum key size. > > While the upstream bug[0] is being worked on, >

Bumping apt RSA key length requirements to 3072-bit (2048 w/ warning) for 24.04

2024-01-18 Thread Julian Andres Klode
Hi, we just noticed again that we are still trusting 1024R keys for signing repositories in APT, arguably because we do not have a means to tell gpgv the minimum key size. While the upstream bug[0] is being worked on, I have written a hack[1] that - if APT_SIGNING_REQUIREMENTS_HACK environment