Control: severity -1 important

On Thu, Jul 27, 2023 at 12:16:54PM +0200, Julian Andres Klode wrote:
> Package: gpgv
> Version: 2.2.40-1.1ubuntu1
> Severity: normal
> X-Debbugs-Cc: j...@debian.org
>
> I believe this allows APT to request a safe minimum RSA length from gpgv for
> verification purposes, and then we could even run gpgv a 2nd time
> without the flag and print a diagnostic for an orderly transition to
> at least 2048R.

Bumping this. 1024R keys are becoming increasingly unsafe, and this will
eventually become release critical for trixie because we shouldn't ship
it with trust for those keys.

And APT is not capable of checking the key size itself because gpg
status fd doesn't expose it - that'd be an alternative solution.

-- 
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer                              i speak de, en