Commit x enables the use of ECC curve-based GPG keys by the Librem Key for PAM-based operations (logging in, sudo, etc.) This change was committed over two years ago (14 April 2019). Given that RSA keys will become increasingly vulnerable, it would be good to get this in.
PureOS 10 has
Package: libpam-poldi Source: poldi (0.4.2+git20161115.553060d-1) Version: 0.4.2+git20161115.553060d-1+b1
This is the same as Debian (Buster, Bullseye, Sid).
I cannot find "commit x"
Understood that you're at the same commit level as Debian. I don't understand why they haven't applied that commit either. My thought was that I'd have better luck filing the request in PureOS's tracker rather than Debian's, because this materially affects the use of the Librem Key.
And I have no idea why/how the commit number was removed from my comment, but here's a link to the actual commit itself:
In general I feel it's better that we receive into PureOS Debian packages as maintained by our upstream, namely Debian. It gives me pause that in this case, the maintainer of libpam-poldi and the person doing a lot of commits in the GitHub mirror are the same person: https://github.com/gpg/poldi/commits/master I don't know what it means that the package hasn't been updated in Debian - does the maintainer not have enough time? Is the patch still undergoing testing?
I'm not sure if it's still undergoing testing. I can tell you that Nitrokey is referencing it here:
There's a section at the bottom of the "Computer Login" section linking directly to the patch. I'll confess to some curiosity as to why it's been left in limbo so long myself.
I find it unlikely that the Debian maintainer will join discussions here, and they are most suitable to address this issue.
Therefore I urge you to please fike a bugreport in Debian and discuss it there.
After digging through the Debian bug logs, they have a bug already filed under a similar title whose fix would cover this as well.
I don't know if you all want to leave this open to track that bug, or if you want to mark as resolved since this is essentially a duplicate of the upstream bug. Either way works for me.