new PPAs are re-using old 1024-bit RSA signing keys
Bug #1700167 reported by
Steve Beattie
This bug affects 8 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
In Progress
|
High
|
Colin Watson |
Bug Description
According to bug 1240681, the default signing key size for launchpad PPAs was changed from 1024-bit to 4096-bit keys. However, I just created the test ppa:
https:/
and launchpad is re-using an old 1024-bit key for this new ppa:
If the keys are per launchpad user rather than per PPA, then there is no way for an existing launchpad user to create a PPA with gpg keys that meet modern key size recommendations, without creating a new launchpad ID entirely (problematic for other reasons).
Related branches
~cjwatson/launchpad:stop-ppa-key-propagation
Ready for review
for merging
into
launchpad:master
- Robert Hardy (community): Needs Fixing
- Launchpad code reviewers: Pending requested
-
Diff: 337 lines (+36/-145)6 files modifiedlib/lp/archivepublisher/archivegpgsigningkey.py (+0/-27)
lib/lp/archivepublisher/tests/archive-signing.txt (+13/-61)
lib/lp/archivepublisher/tests/test_archivegpgsigningkey.py (+17/-17)
lib/lp/soyuz/model/archive.py (+0/-8)
lib/lp/soyuz/stories/webservice/xx-archive.txt (+1/-1)
lib/lp/soyuz/tests/test_archive.py (+5/-31)
Changed in launchpad: | |
status: | New → In Progress |
importance: | Undecided → High |
assignee: | nobody → Colin Watson (cjwatson) |
To post a comment you must log in.
This could be solved by https:/ /bugs.launchpad .net/launchpad/ +bug/1331914 I think?