Grub Customizer

Repository weak algorithm

Asked by A G Meyer

Hi there.

When I run an update against the Grub Customizer repository, I get this message:

W: https://ppa.launchpadcontent.net/danielrichter2007/grub-customizer/ubuntu/dists/noble/InRelease: Signature by key 59DAD276B942642B1BBD0EACA8AA1FAA3F055C03 uses weak algorithm (rsa1024)

Do you have plans to update that to a stronger algorithm?

Thank you.

Question information

Language:
English Edit question
Status:
Solved
For:
Grub Customizer Edit question
Assignee:
No assignee Edit question
Solved by:
Guruprasad
Solved:
Last query:
Last reply:
Revision history for this message
Best Guruprasad (lgp171188) said : 		#1

Hi, we, the Launchpad team, are working to roll out the necessary changes in Launchpad to get this and all other affected PPAs resigned with a new strong 4096-bit RSA signing key. This is only a warning at the moment and will be changed to an error when Ubuntu 24.04.1 is released in August 2024. The Launchpad changes will be done well in advance to that release date.

Revision history for this message
A G Meyer (justsomeguyinslc) said : 		#2

Question was answered.

Revision history for this message
Michael Heuberger (michael.heuberger) said : 		#3

If that's the case, to be resolved in this August, why is the debug level a warning, confusing us all?

Downgrade it to a `info` debug level maybe?

Revision history for this message
Guruprasad (lgp171188) said : 		#4

> If that's the case, to be resolved in this August, why is the debug level a warning, confusing us all?
> Downgrade it to a `info` debug level maybe?

If you believe this is incorrect or a bug, please report a bug against the apt package.

Revision history for this message
Mark (drummer-nrg) said : 		#5

@michael.heuberger Warning is appropriate, the key strength is considered possible to crack and you pose an increased risk installing this software. Hence you followed the warning and posted here. Info would not be appropriate because the situation and resolution would not be cited.

Revision history for this message
Guruprasad (lgp171188) said : 		#6

All the affected Launchpad PPAs have been signed with a secure key and Launchpad now exposes the new key. On systems which already have the affected PPAs added, please remove and re-add the PPA.