Rephrased and forwarded from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042391
Please provide a mechanism in gpgv to either communicate back the keysize of a key or fail the validation if the key is smaller than <bits>.
Apt uses gpgv to verify correct signatures on package files, but apt would like to be able to reject keys smaller than <bits> even if the signature is otherwise valid.
There are at least two possible ways:
- give a --min-key-size argument to gpgv and an error code is given
- let gpgv communicate the keysize back somehow.
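
For comparison, the same size policy can be applied to a keyring listing from `gpg --with-colons --show-keys FILE`, where field 3 of each `pub`/`sub` record is the key length and field 4 the algorithm number. This is an added example, not code from apt or GnuPG; the sample listing is constructed, and applying the limit only to RSA, Elgamal and DSA keys is an assumption of the example. It audits the keyring and does not tell you which key made a particular signature, which is what the request above asks gpgv to report.

```python
# Added example: enforce a minimum key size over GnuPG's colon-delimited
# key listing (as printed by `gpg --with-colons --show-keys FILE`).

# OpenPGP public-key algorithm numbers whose strength is governed by modulus
# size. ECC keys (18, 19, 22) report the curve size in the same field and are
# deliberately not compared against an RSA-style limit (example policy).
FINITE_FIELD_ALGOS = {1: "RSA", 2: "RSA", 3: "RSA", 16: "Elgamal", 17: "DSA"}

# Constructed sample listing; key IDs and user ID are placeholders.
SAMPLE_LISTING = """\
pub:-:1024:17:AAAAAAAAAAAAAAAA:1104537600:::-:::scSC:
uid:-::::1104537600::::Constructed Archive Key <old@example.invalid>:
sub:-:2048:16:AAAAAAAAAAAAAAA1:1104537600::::::e:
pub:-:4096:1:BBBBBBBBBBBBBBBB:1577836800:::-:::scSC:
pub:-:255:22:CCCCCCCCCCCCCCCC:1640995200:::-:::scSC:
"""


def undersized_keys(listing, min_bits):
    """Return (key_id, algorithm, bits) for every primary key or subkey
    whose RSA/Elgamal/DSA key length is below min_bits."""
    findings = []
    for line in listing.splitlines():
        fields = line.split(":")
        # Only public primary keys and subkeys carry a key length.
        if len(fields) < 5 or fields[0] not in ("pub", "sub"):
            continue
        try:
            bits, algo = int(fields[2]), int(fields[3])
        except ValueError:
            continue  # malformed record: skip rather than guess
        name = FINITE_FIELD_ALGOS.get(algo)
        if name is not None and bits < min_bits:
            findings.append((fields[4], name, bits))
    return findings


if __name__ == "__main__":
    for key_id, name, bits in undersized_keys(SAMPLE_LISTING, 2048):
        print(f"reject {key_id}: {name} {bits} bits")
```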