On Mon, Jul 21, 2025 at 09:15:17PM +0200, Chris Hofstaedtler wrote:
> On Mon, Jul 21, 2025 at 01:37:41PM +0200, Julian Andres Klode wrote:
> > APT in trixie has the following cut-offs for OpenPGP key algorithms:
> > [..]
>
> Thank you for opening this. Here are some questions however:
>
> 1) is this info relevant for users of APT or for repository
> providers?

Both. Repository providers may want to pass --audit to `apt update` to
check with a 2-years-ahead policy to get messages a year ahead of their
users.

>
> 2) if it's relevant for users, what should users look for and what
> should they do when they encounter whatever APT will say/do?

They will receive warnings by APT 1 year ahead of the deprecation and
need to figure out how to update the keys for their repositories.

How to do that will depend on their repository, and I can't provide any
advice on that matter other than contacting the repository provider.

>
> 3) should this go into "Issues to be aware of for trixie" or
> "Possible issues during upgrade"?

It may even warrant its own section, tbh, to give a clear entry point
of how APT repositories are cut off.

>
> 4) trust all the details are in the APT documentation or a manpage.
> Which one is it / which URL can we link to?

We do not provide documentation outside the comment and the debian/NEWS
entry.

We should document the mechanisms, but not the policy, inside APT. The
policy is subject to the policy file in the packaging, as well as the
default Sequoia policy, which are in a sense outside of APT's control
as an upstream identity (different downstreams may apply their own
policies).

-- 
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer                              i speak de, en