[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

New requirements for APT repository signing

APT 2.7.13 just landed in unstable and with GnuPG 2.4.5 installed,
or 2.4.4 with a backport from the 2.4 branch, requires repositories
to be signed using one of

- RSA keys of at least 2048 bit
- Ed25519
- Ed448

Any other keys will cause warnings. These warnings will become
errors in March as we harden it up for the Ubuntu 24.04 release,
which was the main driver to do the change *now*.

If you operate third-party repositories using different key
algorithms, now is your time to migrate before you get hit
with an error.

For the Ubuntu perspective, feel free to check out the discourse

debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer                              i speak de, en

Attachment: signature.asc
Description: PGP signature

Reply to: