On Debian 11 (oldstable) i did apt update/upgrade:

Get:2 http://neilalexander.s3.dualstack.eu-west-2.amazonaws.com/deb debian/yggdrasil amd64 yggdrasil amd64 0.5.1 [6,156 kB]
Fetched 65.1 MB in 45s (1,454 kB/s)                                                                                                                                                                                                        
Reading changelogs... Done
(Reading database ... 301064 files and directories currently installed.)
Preparing to unpack .../yggdrasil_0.5.1_amd64.deb ...
Removed /etc/systemd/system/multi-user.target.wants/yggdrasil.service.
Unpacking yggdrasil (0.5.1) over (0.4.7) ...
Setting up yggdrasil (0.5.1) ...
Backing up configuration file to /var/backups/yggdrasil.conf.20231028
Normalising and updating /etc/yggdrasil/yggdrasil.conf
Created symlink /etc/systemd/system/multi-user.target.wants/yggdrasil.service → /lib/systemd/system/yggdrasil.service.

in resulting file /etc/yggdrasil/yggdrasil.conf
it relocated

  # Your private key. DO NOT share this with anyone!
  PrivateKey: xxx

to the beginning of the file. Yet removed (not added):

  # Your public key. Your peers may ask you for this to put
  # into their AllowedPublicKeys configuration.
  PublicKey: xxx

as a layman, I do not know how big problem this is and if this is something to improve or if what is right place to report this.

The Debian package normalises the configuration on install (the old versions get backed up to /var/backups) so the PrivateKey will have been moved in the file as a part of that process.

PublicKey was always just advisory and didn't ever do anything, so instead you can fetch your public key using yggdrasilctl getSelf now.

yh its still very inconvenient to connect to socket via yggdrasilctl just to get the public key. It needs to be either in config like before or some command line argument that can convert private key to public part.
I dont use these sockets anywhere because i dont need to control or debug yggdrasil and now you made it mandatory to have this feature enabled.
By KISS principle pubkey should be inside the config like it was before.

PublicKey was always just advisory and didn't ever do anything, so instead you can fetch your public key using yggdrasilctl getSelf now.

PublicKey is needed if you whitelisting this node in another node config. Now its more convenient to get this info from logs on connection errors, rather than yggdrasilctl

The public key is also printed on startup if that helps