Why is this still a thing, nearly a decade after NIST disallowed the usage? [1]
Why is it not possible for users to regenerate their signing keys? [2]
What if someone believes their key is compromised? Do they have to burn their work and create an entirely new page and direct their users there?
What if someone created a key with RSA 1024 and would like to migrate it to a secure variant? Looks like they can't. [2]
And it shows, because even very popular PPAs like ondrej/php are using RSA1024 keys from 2009, and it does not look to be their fault. [3]
[1] https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/announcements/2013-announcements [2] https://bugs.launchpad.net/launchpad/+bug/1331914 [3] https://github.com/oerdnj/deb.sury.org/issues/1429#issuecomment-656190271
Why is this still a thing, nearly a decade after NIST disallowed the usage? [1]
Why is it not possible for users to regenerate their signing keys? [2]
What if someone believes their key is compromised? Do they have to burn their work and create an entirely new page and direct their users there?
What if someone created a key with RSA 1024 and would like to migrate it to a secure variant? Looks like they can't. [2]
And it shows, because even very popular PPAs like ondrej/php are using RSA1024 keys from 2009, and it does not look to be their fault. [3]
[1] https:/ /csrc.nist. gov/projects/ cryptographic- algorithm- validation- program/ announcements/ 2013-announceme nts /bugs.launchpad .net/launchpad/ +bug/1331914 /github. com/oerdnj/ deb.sury. org/issues/ 1429#issuecomme nt-656190271
[2] https:/
[3] https:/