Skip to content
Snippets Groups Projects

Draft: Consider signatures by DSA keys as weak

Closed Draft: Consider signatures by DSA keys as weak
donkult/apt:feature/weakpubkeydsa into main
Closed David Kalnischkies requested to merge donkult/apt:feature/weakpubkeydsa into main

We deprecated and phased out SHA1 as digest algorithm. While we can not control the key size we can at least officially phase out DSA keys with rather similar code. There shouldn't be a lot of DSA keys still in use, but moving directly to untrusted seems unfair, so we start with weak here.

So similar in fact that it reuses the warning message which talks about the "digest algorithm (DSA)" now, but it seems unfair to burden translators with a new string which is a) rarely shown and b) probably not very understandable for a "normal" user even if it would be talking about "pubkey algorithm (DSA)".

Note sure anymore why I wrote this… I just found the branch between a bunch of other unpublished/unfinished stuff… oh well. Do we want to do this? Should this be brushed up and finished or abandoned? Clean own message or this semi-dirty reuse?

A finished branch might deal better with the Untrusted state. I think we had a complain recently about that on IRC – it is indeed a bit sad that apts error messages are clear about what is going on in the Weak vs Untrusted state.

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Loading
  • Loading
  • Loading
  • Loading
Please register or sign in to reply