summaryrefslogtreecommitdiff
path: root/debian/default-sequoia.config
Commit message (Collapse)AuthorAgeFilesLines
* Update Sequoia crypto policyJulian Andres Klode2025-04-251-2/+16
| | | | | | | | | | | | | Move our cut-offs to February to align with Sequoia, and cut-off more: - 2024-02: DSA keys retroactively (align with GnuPG config) - 2026-02: SHA224 hashes - 2028-02: Brainpool keys (align closer with GnuPG backend) - 2030-02: RSA2048 keys These algorithms will not be valid starting on those cut-off dates. Gbp-Dch: full
* Extend v3 subkey expiry to 2026, owing to OBS useJulian Andres Klode2025-01-011-0/+2
| | | | | SUSE's Open Build Service is signing multiple repositories using v3 signing keys.
* debian: Add default policy to allow SHA-1 self-signatures until 2026Julian Andres Klode2024-12-221-0/+2
Many repositories still have SHA-1 self-signatures, and they are not security relevant for APT repositories in the first place since we do not use a web of trust model, but rather a set of trusted keyrings, and the subkey can essentially be always considered trusted even if it cannot be verified.