Hi, Quoting Julian Andres Klode (2024-02-28 20:20:12) > APT 2.7.13 just landed in unstable and with GnuPG 2.4.5 installed, > or 2.4.4 with a backport from the 2.4 branch, requires repositories > to be signed using one of > > - RSA keys of at least 2048 bit > - Ed25519 > - Ed448 > > Any other keys will cause warnings. These warnings will become > errors in March as we harden it up for the Ubuntu 24.04 release, > which was the main driver to do the change *now*. I talked to David in #debian-devel and had a look at apt commit 50e3fee26a. This change requires a version of gpgv with support for the --assert-pubkey-algo commandline argument. The version of gnupg2 in unstable or experimental does not include this, so it seems we cannot currently test this in Debian. Furthermore, if you really need support for repositories with fewer RSA bits even after a new version of gnupg2 lands in Debian, you can change the apt configuration APT::Key::Assert-Pubkey-Algo which has a default value of ">=rsa2048,ed25519,ed448" to something else or set it to the empty string to entirely disable this functionality. Maybe this helps someone. Thanks! cheers, josch
Attachment:
signature.asc
Description: signature