** Description changed: Zesty and later (LP: #1363482) are no longer shipping with 1024D keys but older LTS releases (Trusty/Xenial) still trust those weak keys: $ lsb_release -sc xenial $ apt-key list /etc/apt/trusted.gpg -------------------- pub 1024D/437D05B5 2004-09-12 uid Ubuntu Archive Automatic Signing Key <[email protected]> sub 2048g/79164387 2004-09-12 pub 4096R/C0B21F32 2012-05-11 uid Ubuntu Archive Automatic Signing Key (2012) <[email protected]> pub 4096R/EFE21092 2012-05-11 uid Ubuntu CD Image Automatic Signing Key (2012) <[email protected]> pub 1024D/FBB75451 2004-12-30 uid Ubuntu CD Image Automatic Signing Key <[email protected]> - On Xenial, I found no problem after deleting the 2 1024D keys: - $ sudo apt-key del 2A38B3EB + $ sudo apt-key del FBB75451 $ sudo apt-key del 437D05B5 $ sudo apt-get -qq update $ echo $? # returned 0 + On Trusty, it seems that removing the key 437D05B5 leads to warnings due + to the double-signing: - On Trusty, it seems that removing the key 437D05B5 leads to warnings due to the double-signing: - - $ sudo apt-key del 2A38B3EB + $ sudo apt-key del FBB75451 $ sudo apt-key del 437D05B5 $ sudo apt-get -qq update W: There is no public key available for the following key IDs: 40976EAF437D05B5 W: There is no public key available for the following key IDs: 40976EAF437D05B5 W: There is no public key available for the following key IDs: 40976EAF437D05B5 $ echo $? # returned 0 It seems that "apt-get update" is still happy as it can validate using the stronger key.
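Review bot: in both the Xenial and Trusty command sequences, `echo $? # returned 0` after `sudo apt-get -qq update` is used as the evidence that removal is safe, but the Trusty run shows the same exit status 0 alongside three "There is no public key available" warnings, so the exit status alone does not distinguish a clean update from one with key warnings. Suggest stating explicitly whether the Xenial run printed any warnings, and basing the "still happy" conclusion on the update output showing validation by the remaining stronger key rather than on `$?`. The corrected ID in `sudo apt-key del FBB75451` matches the 1024D CD Image key shown in the `apt-key list` output, which the replaced `2A38B3EB` did not.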
https://bugs.launchpad.net/bugs/1786471
Title: remove 1024D keys from ubuntu-keyring on older LTS
