Re: Intention to tighten RPM crypto-policy back

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Sep 19, 2023 at 12:44 PM Miroslav Suchý <msuchy@xxxxxxxxxx> wrote:
>
> Dne 19. 09. 23 v 11:19 Alexander Sosedkin napsal(a):
> > Because of that, I'd like to revert that RPM policy relaxation
> > https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/commit/a12f7b20638be8f872ad1995c7d2edce41c227b5 in (f39)
> > rawhide and align RPM security with the rest of the policy. Thoughts / feedback?
>
> You can try to load the keys from this collection under the tightened policy:
>
> https://github.com/xsuchy/distribution-gpg-keys/

Awesome suggestion, sorry it took me so long to get back to you.

I'm pleased to see that DSA looks dead:
* adobe/RPM-GPG-KEY-adobe-linux: 2007-02-28 - inf
* calcforge/RPM-GPG-KEY-calcforge: 2007-03-30 - inf
* centos/RPM-GPG-KEY-CentOS-5: 2007-01-06 - 2017-01-03 expired
* datto/DATTO-LEGACYDIST-PKGS-GPG-KEY: 2016-02-29 - inf
* dell/public.key: 2001-04-16 - inf
* epel/217521F6.txt: 2007-03-02 - 2017-02-27 expired
* epel/RPM-GPG-KEY-EPEL-5: 2007-03-02 - 2017-02-27 expired
* fedora/RPM-GPG-KEY-fedora-10-primary: 2008-08-27 - inf
* fedora/RPM-GPG-KEY-fedora-10-testing: 2008-08-27 - inf
* fedora/RPM-GPG-KEY-fedora-14-s390x: 2010-12-23 - inf
* fedora/RPM-GPG-KEY-fedora-8-9-primary: 2008-08-27 - inf
* fedora/RPM-GPG-KEY-fedora-8-9-testing: 2008-08-27 - inf
* google/linux_signing_key.pub: - has RSA-4096 now as well
* jenkins/0x9b7d32f2d50582e6.key: 2009-02-01 - inf (repo has a 2023 version)
* jpackage/jpackage.asc: 2002-10-22 - inf
* mariadb/RPM-GPG-KEY-MariaDB: 2010-02-02 - inf
* mysql/RPM-GPG-KEY-mysql: 2003-02-03 2013-09-18 - 2022-02-16 expired
  (repo has newer ones in the same directory)
* oraclelinux/RPM-GPG-KEY-oracle-el4: 2006-09-05 - 2011-09-04 expired
* oraclelinux/RPM-GPG-KEY-oracle-el5: 2007-05-18 - 2015-05-16 expired
* postgresql/RPM-GPG-KEY-PGDG: 2008-01-08 - inf
* postgresql/RPM-GPG-KEY-PGDG-10: 2008-01-08 - inf
* postgresql/RPM-GPG-KEY-PGDG-84: 2008-01-08 - inf
* postgresql/RPM-GPG-KEY-PGDG-90: 2008-01-08 - inf
* postgresql/RPM-GPG-KEY-PGDG-91: 2008-01-08 - inf
* postgresql/RPM-GPG-KEY-PGDG-92: 2008-01-08 - inf
* postgresql/RPM-GPG-KEY-PGDG-93: 2008-01-08 - inf
* postgresql/RPM-GPG-KEY-PGDG-94: 2008-01-08 - inf
* postgresql/RPM-GPG-KEY-PGDG-95: 2008-01-08 - inf
* postgresql/RPM-GPG-KEY-PGDG-96: 2008-01-08 - inf
* redhat/RPM-GPG-KEY-redhat5-auxiliary: 2006-12-01 - inf
* redhat/RPM-GPG-KEY-redhat5-beta: 2002-03-15 - inf
* redhat/RPM-GPG-KEY-redhat5-former: 1999-09-23 - inf
* redhat/RPM-GPG-KEY-redhat5-release: 2006-12-06 - inf
* redhat/RPM-GPG-KEY-redhat5-rhx: 2007-04-17 - inf
* redhat/RPM-GPG-KEY-redhat6-beta: 2002-03-15 2009-02-24 - inf
* redhat/RPM-GPG-KEY-redhat6-legacy-former: 1999-09-23 - inf
* redhat/RPM-GPG-KEY-redhat6-legacy-release: 2006-12-06 - inf
* redhat/RPM-GPG-KEY-redhat6-legacy-rhx: 2007-04-17 - inf
* redhat/RPM-GPG-KEY-redhat6-release: has RSA-4096 as well
* redhat/RPM-GPG-KEY-redhat8-release: has RSA-4096 as well
* remi/RPM-GPG-KEY-remi: 2005-04-21 - inf (repo has newer ones)
* rpmfusion/RPM-GPG-KEY-rpmfusion-free-el-5: 2008-07-12 - inf
* rpmfusion/RPM-GPG-KEY-rpmfusion-nonfree-el-5: 2008-07-12 - inf
* scientific-linux/RPM-GPG-KEY-sl: 2009-07-10 - inf (repo has newer ones)
* smeserver/RPM-GPG-KEY-SMEServer: 2005-09-30 - inf (repo has newer ones)
* suse/RPM-GPG-KEY-SuSE-SLE-10: 2000-10-19 - 2022-03-14 expired (repo
has newer ones)
* virtualbox/oracle_vbox.asc: 2010-05-18 - inf (repo has newer ones)

If that repo's representative of the real world situation, I declare
the world ready.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux