On Thu, Jan 19, 2023 at 12:52:35PM +0100, Hans-Peter Jansen wrote:
Am Mittwoch, 18. Januar 2023, 14:35:05 CET schrieb Marcus Meissner:
Hi folks,
We will switch the openSUSE Tumbleweed signing key that signs the repositories and RPMs from 2048bit RSA key to a 4096bit RSA key early next week.
They key is already delivered for several months and in your systems.
rpm -ql openSUSE-build-key /usr/lib/rpm/gnupg/keys/gpg-pubkey-29b700a4-62b07e22.asc
Great, this reveals two more questions, Marcus:
Do we have instructions somewhere to migrate home projects correctly?
There the keys are managed by OBS. Currently the default is still 2048 bit, I will see that the OBS dev team changes that. Then "osc signkey --create PROJECT" will replace the key with a new RSA 4096 bit key.
What about the kernel SSL signing keys?
We will change this with the next UEFI secure boot key rotation. I expect this also to happen first half of this year, as we had some UEFI secure boot issues with grub2 end of last year. Ciao, Marcus