Comment 16 for bug 1461834

> GPG does not provide a way for APT to validate key lengths when the signature is verified, so we did all we could do here.

Some pages, like https://launchpad.net/~fnu/+archive/ubuntu/main-fnu/ say "Signing key: 1024R" when you click on "Technical details about this PPA". So launchpad clearly knows, and at the very least it *must* put a big warning on such pages, so as not to fool users into compromising the security of their computers. It's not true to say there's nothing launchpad can do.

Since the underlying problem is clearly real, why is this launchpad bug still 'New' and not 'Confirmed' after more than 6 years 2 months?