Deprecated PPA key algos

elementary / os

The OS build system

https://elementary.io

GNU General Public License v3.0

969 stars 128 forks source link

Deprecated PPA key algos #714

Closed vjr closed 1 week ago

vjr commented 2 weeks ago

When doing a sudo apt update in the terminal you see the following:

W: https://ppa.launchpadcontent.net/elementary-os/daily/ubuntu/dists/noble/InRelease: Signature by key 6C8769CEDC20F5E66C3B7D37BF36996C4E1F8A59 uses weak algorithm (rsa1024)
W: https://ppa.launchpadcontent.net/elementary-os/os-patches/ubuntu/dists/noble/InRelease: Signature by key 6C8769CEDC20F5E66C3B7D37BF36996C4E1F8A59 uses weak algorithm (rsa1024)

Does this mean the PPA signing keys should be updated?

davidmhewitt commented 2 weeks ago

The noble PPA is already dual-signed with a newer algorithm as well as the older one, we just need to update the keys we inject into the image to use the rsa4096 key instead.

Reference: https://answers.launchpad.net/launchpad/+question/812470

Here's the new key: https://keyserver.ubuntu.com/pks/lookup?search=364837cf91e070910231c2fe8219b3a0aef3d498&fingerprint=on&op=index

vjr commented 2 weeks ago

Thanks - I guess this is a bite size fix which I can attempt - so I'll open a (hopefully working) PR shortly.