3. APT, when checking the InRelease file, trusts it (and it could only become trusted with the strong key signature, the only it knows), but also sees a second signature with a week algorithm. Emits a warning.
So, I only see a false warning for the user: the system is safe using the stronger key, and the legacy signature raises a warning that shouldn't be used anyway No, APT only issues warnings for keys that were actually used to verify a signature, so if you see a warning from APT, the key is still in your keyring. In 24.10 you can use `add-apt-repository --refresh-keys` to refresh all PPA keys and list any other keys. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2065932 Title: Only adds the weak key for PPAs dual-signed with both weak and strong keys To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/2065932/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
