dist-upgrade uses weak (1024D) signing keys
Bug #1313388 reported by
Rebecca Palmer
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| update-manager (Ubuntu) |
Triaged
|
Medium
|
Unassigned | ||
Bug Description
By default, System Settings > Software & Updates > Authentication contains two 1024D keys from 2004 and two 4096R keys from 2012. Removing the 1024D keys causes a dist-upgrade from Saucy to Trusty to fail authentication, so they are evidently still used.
Debian considers 1024D keys weak and is in the process of removing them: https:/
Revision history for this message
| Seth Arnold (seth-arnold) wrote | #1 |
| information type: | Private Security → Public Security |
| Changed in update-manager (Ubuntu): | |
| status: | New → Confirmed |
| Changed in update-manager (Ubuntu): | |
| importance: | Undecided → Medium |
| status: | Confirmed → Triaged |
To post a comment you must log in.
Migrating away from 1024D keys sounds like a great idea. Thanks.