On Tue, Sep 19, 2023 at 12:44 PM Miroslav Suchý <msuchy@xxxxxxxxxx> wrote: > > Dne 19. 09. 23 v 11:19 Alexander Sosedkin napsal(a): > > Because of that, I'd like to revert that RPM policy relaxation > > https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/commit/a12f7b20638be8f872ad1995c7d2edce41c227b5 in (f39) > > rawhide and align RPM security with the rest of the policy. Thoughts / feedback? > > You can try to load the keys from this collection under the tightened policy: > > https://github.com/xsuchy/distribution-gpg-keys/ Awesome suggestion, sorry it took me so long to get back to you. I'm pleased to see that DSA looks dead: * adobe/RPM-GPG-KEY-adobe-linux: 2007-02-28 - inf * calcforge/RPM-GPG-KEY-calcforge: 2007-03-30 - inf * centos/RPM-GPG-KEY-CentOS-5: 2007-01-06 - 2017-01-03 expired * datto/DATTO-LEGACYDIST-PKGS-GPG-KEY: 2016-02-29 - inf * dell/public.key: 2001-04-16 - inf * epel/217521F6.txt: 2007-03-02 - 2017-02-27 expired * epel/RPM-GPG-KEY-EPEL-5: 2007-03-02 - 2017-02-27 expired * fedora/RPM-GPG-KEY-fedora-10-primary: 2008-08-27 - inf * fedora/RPM-GPG-KEY-fedora-10-testing: 2008-08-27 - inf * fedora/RPM-GPG-KEY-fedora-14-s390x: 2010-12-23 - inf * fedora/RPM-GPG-KEY-fedora-8-9-primary: 2008-08-27 - inf * fedora/RPM-GPG-KEY-fedora-8-9-testing: 2008-08-27 - inf * google/linux_signing_key.pub: - has RSA-4096 now as well * jenkins/0x9b7d32f2d50582e6.key: 2009-02-01 - inf (repo has a 2023 version) * jpackage/jpackage.asc: 2002-10-22 - inf * mariadb/RPM-GPG-KEY-MariaDB: 2010-02-02 - inf * mysql/RPM-GPG-KEY-mysql: 2003-02-03 2013-09-18 - 2022-02-16 expired (repo has newer ones in the same directory) * oraclelinux/RPM-GPG-KEY-oracle-el4: 2006-09-05 - 2011-09-04 expired * oraclelinux/RPM-GPG-KEY-oracle-el5: 2007-05-18 - 2015-05-16 expired * postgresql/RPM-GPG-KEY-PGDG: 2008-01-08 - inf * postgresql/RPM-GPG-KEY-PGDG-10: 2008-01-08 - inf * postgresql/RPM-GPG-KEY-PGDG-84: 2008-01-08 - inf * postgresql/RPM-GPG-KEY-PGDG-90: 2008-01-08 - inf * postgresql/RPM-GPG-KEY-PGDG-91: 2008-01-08 - inf * postgresql/RPM-GPG-KEY-PGDG-92: 2008-01-08 - inf * postgresql/RPM-GPG-KEY-PGDG-93: 2008-01-08 - inf * postgresql/RPM-GPG-KEY-PGDG-94: 2008-01-08 - inf * postgresql/RPM-GPG-KEY-PGDG-95: 2008-01-08 - inf * postgresql/RPM-GPG-KEY-PGDG-96: 2008-01-08 - inf * redhat/RPM-GPG-KEY-redhat5-auxiliary: 2006-12-01 - inf * redhat/RPM-GPG-KEY-redhat5-beta: 2002-03-15 - inf * redhat/RPM-GPG-KEY-redhat5-former: 1999-09-23 - inf * redhat/RPM-GPG-KEY-redhat5-release: 2006-12-06 - inf * redhat/RPM-GPG-KEY-redhat5-rhx: 2007-04-17 - inf * redhat/RPM-GPG-KEY-redhat6-beta: 2002-03-15 2009-02-24 - inf * redhat/RPM-GPG-KEY-redhat6-legacy-former: 1999-09-23 - inf * redhat/RPM-GPG-KEY-redhat6-legacy-release: 2006-12-06 - inf * redhat/RPM-GPG-KEY-redhat6-legacy-rhx: 2007-04-17 - inf * redhat/RPM-GPG-KEY-redhat6-release: has RSA-4096 as well * redhat/RPM-GPG-KEY-redhat8-release: has RSA-4096 as well * remi/RPM-GPG-KEY-remi: 2005-04-21 - inf (repo has newer ones) * rpmfusion/RPM-GPG-KEY-rpmfusion-free-el-5: 2008-07-12 - inf * rpmfusion/RPM-GPG-KEY-rpmfusion-nonfree-el-5: 2008-07-12 - inf * scientific-linux/RPM-GPG-KEY-sl: 2009-07-10 - inf (repo has newer ones) * smeserver/RPM-GPG-KEY-SMEServer: 2005-09-30 - inf (repo has newer ones) * suse/RPM-GPG-KEY-SuSE-SLE-10: 2000-10-19 - 2022-03-14 expired (repo has newer ones) * virtualbox/oracle_vbox.asc: 2010-05-18 - inf (repo has newer ones) If that repo's representative of the real world situation, I declare the world ready. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
