Allow users to re-generate a PPA signing key
Bug #1331914 reported by
Unit 193
This bug affects 22 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Triaged
|
High
|
Unassigned |
Bug Description
Howdy,
It'd be great if a user could re-generate their PPA's GPG key, mainly in follow up to Bug #1240681.
Problems with this include users trying to load down the machines and/or pointlessly depleting the random pool, and more minor issues of having to re-add the key to apt's trusted gpg keyring.
Changed in launchpad: | |
importance: | Undecided → High |
status: | New → Triaged |
tags: | added: gpg ppa security |
tags: | added: soyuz-publish |
tags: | added: vulnerability |
information type: | Public → Public Security |
To post a comment you must log in.
As mentioned in bug #1461834, once this is possible it should be mandatory with a very short sunset period. There is executable code signed by these vulnerable keys.