1. launchpad starts dual-signing repositories
2. ubuntu-release-upgrader gets a quirk that replaces any unsafe PPA keys on upgrade to kinetic+ (jammy backport possible too, but arguably people might have already upgraded)
3. Drop 1024 bit keys for kinetic+
This will lead to everyone running kinetic and newer to at least use RSA keys.
What I'd like to see is that
1. launchpad starts dual-signing repositories release- upgrader gets a quirk that replaces any unsafe PPA keys on upgrade to kinetic+ (jammy backport possible too, but arguably people might have already upgraded)
2. ubuntu-
3. Drop 1024 bit keys for kinetic+
This will lead to everyone running kinetic and newer to at least use RSA keys.