[pkg-gnupg-maint] Bug#1042391: gpgv: add --min-rsa-length

Julian Andres Klode jak at debian.org
Tue Jan 16 10:02:28 GMT 2024


Control: severity -1 important

On Thu, Jul 27, 2023 at 12:16:54PM +0200, Julian Andres Klode wrote:
> Package: gpgv
> Version: 2.2.40-1.1ubuntu1
> Severity: normal
> X-Debbugs-Cc: jak at debian.org
> 
> I believe this allows APT to request a safe minimum RSA length from gpgv for
> verification purposes, and then we could even run gpgv a 2nd time
> without the flag and print a diagnostic for an orderly transition to
> at least 2048R.

Bumping this. 1024R keys are becoming increasingly unsafe, and this
will eventually become release critical for trixie because we shouldn't
ship it with trust for those keys.

And APT is not capable of checking the key size itself because gpg
status fd doesn't expose it - that'd be an alternative solution.

-- 
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer                              i speak de, en
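
The key-size check discussed in this message can also be run as a keyring audit outside the verification path, by parsing GnuPG's colon-delimited key listing. This is an added example, not part of the original message and not code from APT or GnuPG; the sample listing, key IDs and user IDs are constructed, and `weak_rsa_keys` is a hypothetical helper name.

```python
"""Flag short RSA keys in `gpg --with-colons` key listings (added example)."""
import sys

RSA_ALGOS = {"1", "2", "3"}  # OpenPGP algorithm IDs: RSA, RSA encrypt-only, RSA sign-only

# Constructed sample in the format printed by
#   gpg --show-keys --with-colons KEYRING_FILE
# Key IDs, dates and user IDs are made up.
SAMPLE_LISTING = """\
pub:-:1024:1:AAAAAAAAAAAAAAAA:1136073600:::-:::scSC::::::23::0:
uid:-::::1136073600::::Constructed key A <a@example.invalid>:
pub:-:4096:1:BBBBBBBBBBBBBBBB:1577836800:::-:::scSC::::::23::0:
uid:-::::1577836800::::Constructed key B <b@example.invalid>:
sub:-:1024:1:CCCCCCCCCCCCCCCC:1577836800::::::s::::::23:
pub:-:255:22:DDDDDDDDDDDDDDDD:1577836800:::-:::scSC:::::ed25519:::0:
uid:-::::1577836800::::Constructed key D <d@example.invalid>:
"""


def weak_rsa_keys(listing, min_bits=2048):
    """Return (record_type, key_id, bits) for each RSA pub/sub key under min_bits."""
    weak = []
    for line in listing.splitlines():
        fields = line.split(":")
        # Field 1 is the record type; only key records carry a length.
        if len(fields) < 5 or fields[0] not in ("pub", "sub"):
            continue
        # Field 4 is the public-key algorithm; ECC lengths (e.g. 255 for
        # ed25519) are not comparable to RSA modulus sizes, so skip them.
        if fields[3] not in RSA_ALGOS:
            continue
        try:
            bits = int(fields[2])  # field 3: key length in bits
        except ValueError:
            continue  # malformed record, ignore rather than guess
        if bits < min_bits:
            weak.append((fields[0], fields[4], bits))  # field 5: key ID
    return weak


if __name__ == "__main__":
    # Audit a piped listing if there is one, otherwise the constructed sample.
    text = SAMPLE_LISTING if sys.stdin.isatty() else sys.stdin.read()
    found = weak_rsa_keys(text)
    for record, key_id, bits in found:
        print(f"{record} {key_id}: RSA {bits} bits is below the minimum")
    sys.exit(1 if found else 0)
```

Subkeys are checked as well as primary keys, since a signature may be made by a short signing subkey under a longer primary key.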


