On Wed, 24 Jan 2024 at 20:48, Adrien Nader wrote:
> On Wed, Jan 24, 2024, Michael Hudson-Doyle wrote:
> > On Tue, 23 Jan 2024 at 02:31, Jeremy Bícha
> > wrote:
> >
> > > On Mon, Jan 22, 2024 at 7:36 AM Dimitri John Ledkov
> > > wrote:
> > > > > Sadly shipping this in 24.04 means that PPAs
On Wed, Jan 24, 2024 at 2:48 AM Adrien Nader wrote:
>
> On Wed, Jan 24, 2024, Michael Hudson-Doyle wrote:
> > On Tue, 23 Jan 2024 at 02:31, Jeremy Bícha
> > wrote:
> >
> > > On Mon, Jan 22, 2024 at 7:36 AM Dimitri John Ledkov
> > > wrote:
> > > > > Sadly shipping this in 24.04 means that PPAs
On Wed, Jan 24, 2024, Michael Hudson-Doyle wrote:
> On Tue, 23 Jan 2024 at 02:31, Jeremy Bícha
> wrote:
>
> > On Mon, Jan 22, 2024 at 7:36 AM Dimitri John Ledkov
> > wrote:
> > > > Sadly shipping this in 24.04 means that PPAs owned by user
> > > > accounts created prior to 2014-03-11[3] until
On Tue, 23 Jan 2024 at 02:31, Jeremy Bícha
wrote:
> On Mon, Jan 22, 2024 at 7:36 AM Dimitri John Ledkov
> wrote:
> > > Sadly shipping this in 24.04 means that PPAs owned by user
> > > accounts created prior to 2014-03-11[3] until the key rotation
> > > mechanism(s) [4][5] have been implemented.
On Thu, Jan 18, 2024 at 07:01:48PM +0100, Julian Andres Klode wrote:
> Hi,
>
> we just noticed again that we are still trusting 1024R keys for
> signing repositories in APT, arguably because we do not have a
> means to tell gpgv the minimum key size.
>
> While the upstream bug[0] is being worked
On Mon, Jan 22, 2024 at 7:36 AM Dimitri John Ledkov
wrote:
> > Sadly shipping this in 24.04 means that PPAs owned by user
> > accounts created prior to 2014-03-11[3] until the key rotation
> > mechanism(s) [4][5] have been implemented.
> >
>
> I do wonder how many active old PPA owners remain in
Hi,
On Thu, 18 Jan 2024 at 18:02, Julian Andres Klode
wrote:
>
> Hi,
>
> we just noticed again that we are still trusting 1024R keys for
> signing repositories in APT, arguably because we do not have a
> means to tell gpgv the minimum key size.
>
> While the upstream bug[0] is being worked on,
>
Hi,
we just noticed again that we are still trusting 1024R keys for
signing repositories in APT, arguably because we do not have a
means to tell gpgv the minimum key size.
While the upstream bug[0] is being worked on,
I have written a hack[1] that - if APT_SIGNING_REQUIREMENTS_HACK
environment