Allow users to re-generate a PPA signing key

Bug #1331914 reported by Unit 193 on 2014-06-19
This bug affects 14 people
Affects Status Importance Assigned to Milestone
Launchpad itself

Bug Description


It'd be great if a user could re-generate their PPA's GPG key, mainly in follow up to Bug #1240681.

Problems with this include users trying to load down the machines and/or pointlessly depleting the random pool, and more minor issues of having to re-add the key to apt's trusted gpg keyring.

William Grant (wgrant) on 2014-06-19
Changed in launchpad:
importance: Undecided → High
status: New → Triaged
tags: added: gpg ppa security
tags: added: soyuz-publish
deutrino (deutrino) wrote :

As mentioned in bug #1461834, once this is possible it should be mandatory with a very short sunset period. There is executable code signed by these vulnerable keys.

Alin Andrei (nilarimogard) wrote :

It's now more important than ever to get an option to regenerate the PPA signing key and get a stronger key because in Xenial, users are flooded with this:

W: gpgv:/var/lib/apt/lists/ppa.launchpad.net_atareao_atareao_ubuntu_dists_xenial_InRelease: The repository is insufficiently signed by key A3D8A366869FE2DC5FFD79C36A9653F936FD5529 (weak digest)

Unit 193 (unit193) wrote :

That's actually a different issue that is tracked (and mostly fixed now) in #1556666.

Alin Andrei (nilarimogard) wrote :

I missed that one, thank you!

Matt Corallo (bluematt) wrote :

Any update on this? There are a lot of people who use PPAs and this is very much not ideal for the security of the Ubuntu community. This is doubly true given that all of the not-so-secure keys have been out there for quite a long time.

Andy Brody (abrody) wrote :

What is involved in implementing this functionality?

Colin Watson (cjwatson) wrote :

I think the first step is working out the database, webapp model, and archive publisher changes needed to have archives signed with more than one key. Once that's in place, we'd need some webservice and/or web UI methods to manage the set of keys in use.

There's probably no way around the fact that any key transition is going to be rough for some clients, though it might be worth somebody looking at whether anything can be done client-side: for example, given that software-properties knows how to add the key used to sign a PPA at the moment on the basis of knowing how to communicate securely with Launchpad, something in that area could potentially help out with key transitions in a similar way.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers