Skip to content

Update Sequoia crypto policy, implement year-ahead warning

Julian Andres Kloderequested to merge
jak/apt:policy-as-of into main

Move our cut-offs to February to align with Sequoia, and cut-off more:

  • 2024-02: DSA keys retroactively (align with GnuPG config)
  • 2026-02: SHA224 hashes
  • 2028-02: Brainpool keys (align closer with GnuPG backend)
  • 2030-02: RSA2048 keys

These algorithms will not be valid starting on those cut-off dates.

Gbp-Dch: full

Also implement warnings for signatures that will be rejected by the policy within the next year.

Merge request reports