On Wed, Feb 15, 2023 at 6:57 AM Marcus Meissner <meissner@suse.de> wrote:
On Wed, Feb 15, 2023 at 06:54:37AM -0500, Neal Gompa wrote:
On Wed, Jan 18, 2023 at 8:35 AM Marcus Meissner <meissner@suse.de> wrote:
Hi folks,
We will switch the openSUSE Tumbleweed signing key that signs the repositories and RPMs from 2048bit RSA key to a 4096bit RSA key early next week.
They key is already delivered for several months and in your systems.
rpm -ql openSUSE-build-key /usr/lib/rpm/gnupg/keys/gpg-pubkey-29b700a4-62b07e22.asc
fingerprint: pub rsa4096/0x35A2F86E29B700A4 2022-06-20 [SC] [expires: 2026-06-19] Key fingerprint = AD48 5664 E901 B867 051A B15F 35A2 F86E 29B7 00A4 uid openSUSE Project Signing Key <opensuse@opensuse.org>
and should be in trusted RPM keyring already:
rpm -qi gpg-pubkey-29b700a4-62b07e22 ... will show it ...
Tracker bug: https://bugzilla.suse.com/show_bug.cgi?id=1199184
Is the openSUSE Backports key changing too?
Yes, this is in my plan, as it is also 2048bit RSA.
It is a bit more tricky as the SLE PackageHub module imports it in a bit too hardcoded fashion currently.
Do you have a timeline for that? I'm working on refreshing the keys in distribution-gpg-keys and rpm-repos-openSUSE, since that was missed in the initial key transition for Factory. -- 真実はいつも一つ!/ Always, there's only one truth!