I tested with (only changed rsa from the defaults):
APT::Key::Assert-Pubkey-Algo ">=rsa2048,ed25519,ed448,nistp256,nistp384,nistp512,brainpoolP256r1,brainpoolP320r1,brainpoolP384r1,brainpoolP512r1,secp256k1";
APT::Key::Assert-Pubkey-Algo::Next ">=rsa5120,ed25519,ed448,nistp256,nistp384,nistp512";
APT::Key::Assert-Pubkey-Algo::Future ">=rsa6144,ed25519,ed448";

And got:
$ sudo apt update
Hit:1 http://br.archive.ubuntu.com/ubuntu noble InRelease
Hit:2 http://br.archive.ubuntu.com/ubuntu noble-updates InRelease
Hit:3 http://br.archive.ubuntu.com/ubuntu noble-backports InRelease
Hit:4 http://br.archive.ubuntu.com/ubuntu noble-security InRelease
Hit:5 https://ppa.launchpadcontent.net/ahasenack/apt-sru/ubuntu noble InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
W: http://br.archive.ubuntu.com/ubuntu/dists/noble/InRelease: Signature by key F6ECB3762474EDA9D21B7022871920D1991BC93C uses weak algorithm (rsa4096)
W: http://br.archive.ubuntu.com/ubuntu/dists/noble-updates/InRelease: Signature by key F6ECB3762474EDA9D21B7022871920D1991BC93C uses weak algorithm (rsa4096)
W: http://br.archive.ubuntu.com/ubuntu/dists/noble-backports/InRelease: Signature by key F6ECB3762474EDA9D21B7022871920D1991BC93C uses weak algorithm (rsa4096)
W: http://br.archive.ubuntu.com/ubuntu/dists/noble-security/InRelease: Signature by key F6ECB3762474EDA9D21B7022871920D1991BC93C uses weak algorithm (rsa4096)
W: https://ppa.launchpadcontent.net/ahasenack/apt-sru/ubuntu/dists/noble/InRelease: Signature by key 6BD1A790B3211D9CE0A04D073DA665FECBA631A9 uses weak algorithm (rsa4096)

Meaning, rsa4096 is MISSING from ::Next, and I got a warning.

https://bugs.launchpad.net/bugs/2073126

Title:
  More nuanced public key algorithm revocation
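
An added example, not part of the original comment and not apt's own code: a small checker that evaluates a signing-key algorithm against the three policy strings posted above and extracts the flagged keys from apt output. It assumes that a ">=rsaN" entry accepts RSA keys of N bits or more and that every other entry must match exactly; the function names are hypothetical, and the two sample warning lines are copied from the output above.

```python
import re

# Policy strings as posted in the comment above (only the rsa minimums differ from defaults).
POLICY = {
    "Assert-Pubkey-Algo": ">=rsa2048,ed25519,ed448,nistp256,nistp384,nistp512,"
                          "brainpoolP256r1,brainpoolP320r1,brainpoolP384r1,"
                          "brainpoolP512r1,secp256k1",
    "Assert-Pubkey-Algo::Next": ">=rsa5120,ed25519,ed448,nistp256,nistp384,nistp512",
    "Assert-Pubkey-Algo::Future": ">=rsa6144,ed25519,ed448",
}

_SIZED = re.compile(r"^([a-z]+)(\d+)$")          # e.g. "rsa4096" -> ("rsa", "4096")
_WARNING = re.compile(
    r"^W: (\S+): Signature by key ([0-9A-F]{40}) uses weak algorithm \((\w+)\)$")

def allowed(algo, spec):
    """True if algo (e.g. 'rsa4096') satisfies any entry of a comma-separated spec.
    Assumption: '>=rsaN' means RSA of at least N bits; other entries match exactly."""
    have = _SIZED.match(algo)
    for entry in (e.strip() for e in spec.split(",")):
        if entry == algo:
            return True
        if entry.startswith(">=") and have:
            want = _SIZED.match(entry[2:])
            if (want and want.group(1) == have.group(1)
                    and int(have.group(2)) >= int(want.group(2))):
                return True
    return False

def failing_levels(algo, policy=POLICY):
    """Names of the policy levels that do not accept this algorithm, in policy order."""
    return [name for name, spec in policy.items() if not allowed(algo, spec)]

def weak_keys(apt_output):
    """Map fingerprint -> algorithm for each 'weak algorithm' warning line."""
    return {m.group(2): m.group(3)
            for line in apt_output.splitlines() if (m := _WARNING.match(line))}

# Two warning lines taken from the output above, rejoined onto single lines.
SAMPLE = """\
W: http://br.archive.ubuntu.com/ubuntu/dists/noble/InRelease: Signature by key F6ECB3762474EDA9D21B7022871920D1991BC93C uses weak algorithm (rsa4096)
W: https://ppa.launchpadcontent.net/ahasenack/apt-sru/ubuntu/dists/noble/InRelease: Signature by key 6BD1A790B3211D9CE0A04D073DA665FECBA631A9 uses weak algorithm (rsa4096)
"""

if __name__ == "__main__":
    for fpr, algo in weak_keys(SAMPLE).items():
        print(fpr, algo, "fails:", failing_levels(algo))
```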