With the change we have added all curves with 256 or more bits to the assertion:

  APT::Key::Assert-Pubkey-Algo ">=rsa2048,ed25519,ed448,nistp256,nistp384,nistp512,brainpoolP256r1,brainpoolP320r1,brainpoolP384r1,brainpoolP512r1,secp256k1";

We are also introducing a new next level:

  APT::Key::Assert-Pubkey-Algo::Next ">=rsa2048,ed25519,ed448,nistp256,nistp384,nistp512";

- keys not falling into this string are producing a warning.

As well as a 'future' level:

  APT::Key::Assert-Pubkey-Algo::Future ">=rsa3072,ed25519,ed448";

- keys not falling into this string are producing an --audit message only

** Summary changed:
- Only revoke RSA explicitly
+ More nuanced public key algorithm revocation
** Also affects: apt (Ubuntu Noble)
Importance: Undecided
Status: New
** Also affects: apt (Ubuntu Oracular)
Importance: Undecided
Assignee: Julian Andres Klode (juliank)
Status: New
** Changed in: apt (Ubuntu Noble)
Milestone: None => ubuntu-24.04.1
--
https://bugs.launchpad.net/bugs/2073126
Title:
More nuanced public key algorithm revocation
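
The three levels described in the bug, as an added example that is not part of the original notification and is not apt's own code: it evaluates a key's algorithm string against the three policy strings quoted above. Assumptions: a ">=" entry matches the same algorithm family at an equal or larger size, a key outside the base assertion is rejected, only the most severe result is reported, and the sample algorithm strings are constructed.

```python
import re

# Policy strings copied verbatim from the bug description.
ASSERT = (">=rsa2048,ed25519,ed448,nistp256,nistp384,nistp512,"
          "brainpoolP256r1,brainpoolP320r1,brainpoolP384r1,"
          "brainpoolP512r1,secp256k1")
NEXT = ">=rsa2048,ed25519,ed448,nistp256,nistp384,nistp512"
FUTURE = ">=rsa3072,ed25519,ed448"

# Splits "rsa4096" into family "rsa" and size 4096.
_SPLIT = re.compile(r"(.*?)(\d+)")


def matches(algo, policy):
    """True if algo is allowed by a comma-separated policy string."""
    for entry in (e.strip() for e in policy.split(",")):
        if entry.startswith(">="):
            # Assumed semantics: same family, size at least the minimum.
            want = _SPLIT.fullmatch(entry[2:])
            have = _SPLIT.fullmatch(algo)
            if (want and have and want.group(1) == have.group(1)
                    and int(have.group(2)) >= int(want.group(2))):
                return True
        elif entry == algo:
            return True  # plain entries are exact matches
    return False


def classify(algo):
    """Most severe outcome for a key algorithm under the three levels."""
    if not matches(algo, ASSERT):
        return "error"    # assumed: outside the base assertion is rejected
    if not matches(algo, NEXT):
        return "warning"  # per the bug: not in ::Next gives a warning
    if not matches(algo, FUTURE):
        return "audit"    # per the bug: not in ::Future is --audit only
    return "ok"


if __name__ == "__main__":
    # Constructed sample algorithm strings, not taken from real keyrings.
    for sample in ("rsa1024", "rsa2048", "rsa4096", "nistp256",
                   "brainpoolP256r1", "secp256k1", "ed25519"):
        print(f"{sample:18} {classify(sample)}")
```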