launchpad-reviewers team mailing list archive

Thread
Date

Re: [Merge] ~cjwatson/launchpad:stop-ppa-key-propagation into launchpad:master

To: Colin Watson <cjwatson@xxxxxxxxxxxxx>
From: Robert Hardy <mp+392627@xxxxxxxxxxxxxxxxxx>
Date: Sun, 30 Oct 2022 19:39:05 -0000
In-reply-to: <160330856167.22783.2365385372606683951.launchpad@ackee.canonical.com>
Reply-to: mp+392627@xxxxxxxxxxxxxxxxxx
Sender: noreply@xxxxxxxxxxxxx

Review: Needs Fixing

Like many other long term users on Launchpad, I need to be able to update my signing key on Launchpad. I have no trouble approving this outright but it would really surprise me if I have the rights to approve this alone.

I ask whomever does to serious reconsider this. Launchpad is only as good as its trust anchors. Right now for a lot of long term developers the under-pinnings i.e. a 1024 bit signing key are insecure.

If this is being stalled because others care about excessive key generation on keyserver network for PPA keys, why not change the proposed code so this only happens once if the existing signing key associated with the user is an insecure 1024 bit key. This would trigger a single badly needed key update only where it is needed.
-- 
https://code.launchpad.net/~cjwatson/launchpad/+git/launchpad/+merge/392627
Your team Launchpad code reviewers is requested to review the proposed merge of ~cjwatson/launchpad:stop-ppa-key-propagation into launchpad:master.

References

[Merge] ~cjwatson/launchpad:stop-ppa-key-propagation into launchpad:master
From: Colin Watson, 2020-10-21