On 03/03/2022 10:05, Peter Georg wrote:
On 03/03/2022 09.15, Fabian Arrotin wrote:
<snip>
Thanks for the detailed information. Two follow-up questions from my side:
- Looking at the change for centos-release [1] the old and new gpg
public key (with and without suffix -SHA512) are now included in centos-gpg-keys. Is there a technical reason to have both versions of the key included or is it fine to simply replace the key (same name)?
- Are the new gpg public keys working for EL8 (and EL7)? I'd like to
avoid having different keys in centos-release-* and listed on https://www.centos.org/keys/.
WRT 2, the previous key[s] can still be imported on new installs on el7/el8 as the change was only introduced in el9. But yes, I think it would be better to have the same file[s] distributed everywhere (don't forget that the gpg public key is the same, only signed with a different digest algo)