Hi

> I wonder if this is really what we want for uscan.  Debian can impose a
> policy on Debian developers' keys, but this is about upstream
> developers' keys: isn't a weak key/signature better than no signature at
> all?

This is an interesting question, and I don't have an answer to it, but
I'll try to reason a bit about it and supply my opinions on the
matter.

First an assumption: the validation protects against a real attack
scenario; I consider the question of whether this should be done at
all to be out of scope.

Then it may be useful to try to put a monetary value on how weak the
key is, so that we can try to get a gut feeling on what we are talking
about.

Some googling and finding numbers on the internet (this
answer: https://security.stackexchange.com/a/275759 and that a more
modern miner uses 9.5 Joules of energy per tera-hash
https://www.asicminervalue.com/miners/bitmain/antminer-s23-hyd-580th)
gives a ballpark number of $400k to break such a key. There is a lot
to critique about this methodology for finding a number, but it gives a
ballpark at least.

This puts the attack out of reach for most individuals, but within
reach of all organizations and nation states.

We can also look at what the large standardization organizations say
about DSA keys:

FIPS has forbidden the verification of DSA signatures made after
February 2023.
CA/Browser Forum Baseline Requirements banned DSA certificates.
OpenSSH disabled DSA support by default in OpenSSH 7.0.

We can also assume that the reason that the upstream maintainer
performs the extra work of signing their releases is that it
protects against an attack scenario that they care about.

Therefore I think that the right course of action in this scenario is
to reach out to the upstream maintainer and ask them to switch to a
secure key.

Better to be upfront about the fact that the signature doesn't provide
enough security to be worth checking than to accept any signature and
pretend that it protects something. At least then it's explicit
that the key is bad.

In my personal opinion it's a bug in GnuPG that it says "Good
signature" in this case, but I'm not sure that I would be able to
convince the GnuPG maintainers of that.

best regards
Alexander Kjäll
