Closed reneas closed 2 months ago
I wouldn't worry about it too much. This is the Key that is used to Sign the InRelease. So RSA 1024 is considered on the weaker side now. I can't actually find much evidence to support that it is easily cracked. Even if it were cracked they could only sign repos as Daniel. In order for it to actually be a threat they would need to get access to his PPA account and crack his key. Or DNS hijack lauchpad.net + crack his key. I think it's extremely unlikely for this to happen.
The reason these are coming up now is that python-apt has changed how they handle errors and warnings so it kind of just spits them out as they come now. I'm probably not going to fix this and instead focus my energy into trying to get the rust rewrite finished so we pretty much will always know what to expect.
I also found this which is recent. It seems like launchpad is aware and is in the process of re-assigning stronger keys for folks.
https://askubuntu.com/questions/1510042/how-to-fix-launchpad-ppa-which-uses-a-key-with-weak-algorithm https://answers.launchpad.net/launchpad/+question/809194
Okay good to know, tank you :) Will have to wait until they changed all the PPA keys to 4096-bit RSA and in the meantime ignore these messages.
when running
sudo nala update
the output has a line that says:When i run
sudo apt update
nothing like that happens.Can I ignore this or should we be worried? Should I post about this at the
grub-customizer
launchpad?