Comment 17 for bug 1461834

Martin (c0rn3j) wrote (last edit):

Why is this still a thing, nearly a decade after NIST disallowed the usage? [1]

Why is it not possible for users to regenerate their signing keys? [2]

What if someone believes their key is compromised? Do they have to burn their work and create an entirely new page and direct their users there?

What if someone created a key with RSA 1024 and would like to migrate it to a secure variant? Looks like they can't. [2]

And it shows, because even very popular PPAs like ondrej/php are using RSA 1024 keys from 2009, and it does not look to be their fault. [3]

[1] https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/announcements/2013-announcements
[2] https://bugs.launchpad.net/launchpad/+bug/1331914
[3] https://github.com/oerdnj/deb.sury.org/issues/1429#issuecomment-656190271
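As an added illustration of the point above (not part of the commenter's text or of Launchpad's code): a defender who wants to know whether any PPA key trusted by their own machine is still RSA 1024 can check the installed APT keyrings rather than wait for the service to fix it. The script below parses GnuPG's machine-readable colon listing (`gpg --with-colons --show-keys <keyring>`) and flags RSA, DSA and ElGamal keys or subkeys below 2048 bits, the threshold NIST SP 800-131A applies. The embedded sample listing is constructed with placeholder key IDs and user IDs; it is not a real Launchpad key, and the field layout assumed is GnuPG's documented colon format (field 3 key length, field 4 algorithm ID, field 5 key ID, field 12 capabilities).

```python
"""Flag weak APT/PPA signing keys in a GnuPG colon-format key listing.

Added example, not part of the bug thread. Input is the machine-readable
output of `gpg --with-colons --show-keys <keyring>`; the sample below is
constructed with placeholder key IDs and is not a real Launchpad key.
"""
from __future__ import annotations

from dataclasses import dataclass

# Public-key algorithm IDs (RFC 4880 section 9.1), field 4 of pub/sub records.
ALGO_NAMES = {1: "RSA", 2: "RSA", 3: "RSA", 16: "ElGamal", 17: "DSA",
              18: "ECDH", 19: "ECDSA", 22: "EdDSA"}
# Algorithms whose strength is set by modulus/group size. NIST SP 800-131A
# disallows these below 2048 bits; ECC key sizes are not comparable and are
# not judged by this check.
FINITE_FIELD_ALGOS = {1, 2, 3, 16, 17}
MIN_FF_BITS = 2048


@dataclass
class KeyInfo:
    keyid: str
    algo_id: int
    bits: int
    is_subkey: bool
    capabilities: str  # field 12, e.g. "scESC": lowercase = this key, uppercase = whole cert
    uid: str = ""

    @property
    def algo_name(self) -> str:
        return ALGO_NAMES.get(self.algo_id, f"algo{self.algo_id}")

    @property
    def weak(self) -> bool:
        return self.algo_id in FINITE_FIELD_ALGOS and self.bits < MIN_FF_BITS


def parse_colon_listing(text: str) -> list[KeyInfo]:
    """One KeyInfo per pub/sub record; subkeys inherit the primary's first user ID."""
    keys: list[KeyInfo] = []
    primary: KeyInfo | None = None
    for line in text.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub"):
            key = KeyInfo(keyid=f[4], algo_id=int(f[3]), bits=int(f[2]),
                          is_subkey=(f[0] == "sub"),
                          capabilities=f[11] if len(f) > 11 else "")
            if f[0] == "pub":
                primary = key
            elif primary is not None:
                key.uid = primary.uid  # uid records precede sub records in gpg output
            keys.append(key)
        elif f[0] == "uid" and primary is not None and not primary.uid:
            primary.uid = f[9]  # field 10: user ID (gpg escapes embedded colons as \x3a)
    return keys


def weak_keys(text: str) -> list[KeyInfo]:
    """Keys below the minimum size, primary keys and subkeys alike."""
    return [k for k in parse_colon_listing(text) if k.weak]


def report(text: str) -> list[str]:
    """One human-readable line per key; the WEAK lines are the ones to act on."""
    out = []
    for k in parse_colon_listing(text):
        kind = "sub" if k.is_subkey else "pub"
        status = "WEAK" if k.weak else "ok  "
        out.append(f"{status} {k.algo_name}-{k.bits} {kind} {k.keyid} [{k.capabilities}] {k.uid}")
    return out


# Constructed sample listing: placeholder key IDs, not real Launchpad PPA keys.
SAMPLE_LISTING = """\
pub:-:1024:1:0000000000000001:1245715560:::-:::scESC::::::23::0:
uid:-::::1245715560::0000000000000000000000000000000000000000::Example weak PPA key (constructed)::::::::::0:
sub:-:1024:1:0000000000000011:1245715560::::::e::::::23:
pub:-:4096:1:0000000000000002:1600000000:::-:::scESC::::::23::0:
uid:-::::1600000000::0000000000000000000000000000000000000000::Example 4096-bit PPA key (constructed)::::::::::0:
sub:-:4096:1:0000000000000022:1600000000::::::s::::::23:
pub:-:256:22:0000000000000003:1600000000:::-:::scESC::::::23::0:
uid:-::::1600000000::0000000000000000000000000000000000000000::Example Ed25519 key (constructed)::::::::::0:
"""

if __name__ == "__main__":
    for line in report(SAMPLE_LISTING):
        print(line)
```

To run it against a real system, feed it the output of `gpg --with-colons --show-keys /etc/apt/trusted.gpg.d/*.gpg` (and any keyrings referenced by `Signed-By:` in `/etc/apt/sources.list.d/`) on a modern GnuPG; a WEAK line for a PPA key means every package from that PPA is accepted on the strength of an RSA 1024 signature, which is exactly the situation the comment describes.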