Policy For Sunsetting GPG Keys < 2048 Bits

Marc Deslauriers marc.deslauriers at canonical.com
Thu Nov 27 16:55:03 UTC 2014

On 2014-11-26 07:05 PM, Kees Cook wrote:
> I think we should have the same policy for PPAs, and it should follow the
> same timeline. Additionally, we should have LP reject uploading weak keys,
> which could happens early in the transition timeline.

The good news is newly created PPAs now use 4096 RSA keys:


The bad news is I don't believe there's currently a way to transition existing
PPAs to a new key.


More information about the technical-board mailing list