[CentOS-devel] GPG check FAILED using CentOS Stream 9 Extras and other SIG Keys

Thu Mar 3 13:13:30 UTC 2022
Fabian Arrotin <arrfab at centos.org>

On 03/03/2022 10:05, Peter Georg wrote:
> On 03/03/2022 09.15, Fabian Arrotin wrote:
> Thanks for the detailed information.
> Two follow-up questions from my side:
> 1. Looking at the change for centos-release [1] the old and new gpg 
> public key (with and without suffix -SHA512) are now included in 
> centos-gpg-keys. Is there a technical reason to have both versions of 
> the key included or is it fine to simply replace the key (same name)?
> 2. Are the new gpg public keys working for EL8 (and EL7)? I'd like to 
> avoid having different keys in centos-release-* and listed on 
> https://www.centos.org/keys/.

WRT 2, the previous key[s] can still be imported on new installs on 
el7/el8 as the change was only introduced in el9.
But yes, I think it would be better to have the same file[s] distributed 
everywhere (don't forget that the gpg public key is the same, only 
signed with a different digest algo)

Fabian Arrotin
The CentOS Project | https://www.centos.org
gpg key: 17F3B7A1 | twitter: @arrfab
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xA25DBAFB17F3B7A1.asc
Type: application/pgp-keys
Size: 12767 bytes
Desc: OpenPGP public key
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20220303/b304b3f6/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20220303/b304b3f6/attachment.sig>