Wednesday 24 January 2024

Re: Bumping apt RSA key length requirements to 3072-bit (2048 w/ warning) for 24.04

On Wed, Jan 24, 2024 at 2:48 AM Adrien Nader <adrien@notk.org> wrote:
>
> On Wed, Jan 24, 2024, Michael Hudson-Doyle wrote:
> > On Tue, 23 Jan 2024 at 02:31, Jeremy Bícha <jeremy.bicha@canonical.com>
> > wrote:
> >
> > > On Mon, Jan 22, 2024 at 7:36 AM Dimitri John Ledkov
> > > <dimitri.ledkov@canonical.com> wrote:
> > > > > Sadly shipping this in 24.04 means that PPAs owned by user
> > > > > accounts created prior to 2014-03-11[3] until the key rotation
> > > > > mechanism(s) [4][5] have been implemented.
> > > > >
> > > >
> > > > I do wonder how many active old PPA owners remain in action.
> > > >
> > > > And if we can reset per-series signing keys on all of those for any
> > > > new PPAs, and noble series (meaning single signe, new key for noble+).
> > > >
> > > > I have personally created a new team for myself, only added myself to
> > > > be a member of said team, to gain access to PPAs signed with 4k RSA
> > > > key, as I can no longer use my own ppas. I guess I should ask to
> > > > delete them all, and request removal of the signing key to gain back
> > > > personal PPAs with 4k signing key.
> > >
> > > Many of Ubuntu's core teams are older than 2014. This includes
> > > Desktop, Checkbox, Kernel, Pythoneers, Security, Mozilla, LibreOffice,
> > > Kubuntu, Lubuntu.
> > >
> > > I suspect that this change would break most of the heaviest used PPAs.
> > > We need a coordinated transition.
> > >
> >
> > I agree with Jeremy that we can't just blithely assume all PPAs created
> > before 2014 are no longer much used.
> >
> > Unfortunately I don't know what that means for a way forward. Clearly 1024R
> > keys should be retired. From one angle, I can imagine a scheme where a repo
> > is dual-signed and signs the new key with the old to convince apt to update
> > it but from another this seems impossible (and clearly very unlikely to
> > land before noble GA).
>
> We know of at least one active PPA with a 1024-bit key:
> https://launchpad.net/~videolan/+archive/ubuntu/master-daily .

There are many more active 1024-bit PPAs. In my earlier reply, I
listed several teams that have 1024-bit keys. Some of those teams use
their PPAs for mostly development series work, like Pythoneers, and this
change may not be disruptive. For others, the PPA is an important
component of what they offer the community, like Kubuntu and Lubuntu.

Thank you,
Jeremy Bícha

--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
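As an added illustration (not part of the thread or of apt itself), the script below classifies signing keys against the RSA thresholds in the subject line (below 2048 bits rejected, 2048 with a warning, 3072 and above fine) by parsing `gpg --with-colons --show-keys` output; the sample key records are constructed here with fake key ids, and the `/etc/apt/trusted.gpg.d` scan is an assumed location run only when gpg is installed.

```python
"""Classify apt signing keys by RSA size: below 2048 bits rejected,
2048 accepted with a warning, 3072 and above fine (thresholds from the subject line)."""
import shutil
import subprocess
from pathlib import Path

REJECT_BELOW, WARN_BELOW = 2048, 3072
RSA_ALGOS = {1, 2, 3}  # RFC 4880 public-key algorithm ids for RSA variants

def classify(bits: int, algo: int) -> str:
    """Verdict for one primary key; the RSA length rule is not applied to other algorithms."""
    if algo not in RSA_ALGOS:
        return "not-rsa"
    if bits < REJECT_BELOW:
        return "reject"
    return "warn" if bits < WARN_BELOW else "ok"

def audit_colons(colons: str) -> list[tuple[str, int, int, str]]:
    """Parse `gpg --with-colons --show-keys` output. In a 'pub' record the fields are
    [0]=record type, [2]=key length in bits, [3]=algorithm id, [4]=long key id."""
    findings = []
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] != "pub":
            continue  # fpr/uid/sub records: only the primary key is what apt trusts here
        bits, algo, keyid = int(f[2]), int(f[3]), f[4]
        findings.append((keyid, bits, algo, classify(bits, algo)))
    return findings

def audit_keyring(path: Path) -> list[tuple[str, int, int, str]]:
    """Run gpg on one apt keyring (binary .gpg or armored .asc) and classify its keys."""
    out = subprocess.run(["gpg", "--with-colons", "--show-keys", str(path)],
                         capture_output=True, text=True, check=True).stdout
    return audit_colons(out)

# Constructed sample records with fake key ids; not taken from any real PPA.
SAMPLE = """pub:-:1024:1:0000000000000001:1262304000:::-:::scSC::::::23::0:
fpr:::::::::0000000000000000000000000000000000000001:
pub:-:2048:1:0000000000000002:1500000000:::-:::scSC::::::23::0:
pub:-:4096:1:0000000000000003:1700000000:::-:::scSC::::::23::0:
pub:-:255:22:0000000000000004:1700000000:::-:::scSC::::::23::0:
"""

if __name__ == "__main__":
    for keyid, bits, algo, verdict in audit_colons(SAMPLE):
        print(f"{keyid} algo={algo} {bits}-bit: {verdict}")
    if shutil.which("gpg"):  # scan the real keyrings only when gpg is installed
        for kr in sorted(Path("/etc/apt/trusted.gpg.d").glob("*")):
            for keyid, bits, algo, verdict in audit_keyring(kr):
                print(f"{kr.name}: {keyid} algo={algo} {bits}-bit: {verdict}")
```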