[Linux-PowerEdge] RPM repo GPG key changed

Aparna_Giri at Dell.com Aparna_Giri at Dell.com
Mon Jul 2 09:16:49 CDT 2018


Hi All,

We are working on fixing this. The fixed RPMs will be available in ~1 week. 

Thanks,
Aparna


-----Original Message-----
From: linux-poweredge-bounces-Lists On Behalf Of James Mathiesen
Sent: Friday, June 29, 2018 6:38 PM
To: linux-poweredge-Lists
Subject: Re: [Linux-PowerEdge] RPM repo GPG key changed

Dell,

We also use Spacewalk and the limitation Jeff mentions will be a problem for us as well.

There is no customer benefit in using stronger keys and signature algorithms if Dell doesn’t stop requiring trust in the weaker keys and signature algorithms. A complete transition would have been disruptive but at least be a one-time cost with a clear fix, clear benefits and a clear end-state. Using the existing 1024-bit key with a stronger signing algorithm would have been non-disruptive but provide lesser benefits.

If there is a commitment to improving customer security I don't see how this specific change was a useful intermediate step.  If there is no commitment to improving customer security this change was a waste of everybody's time.  

james




On 6/28/18, 9:36 PM, "Linux-PowerEdge on behalf of Gottloeb, Jeff [US] (ES)" <linux-poweredge-bounces at dell.com on behalf of jeffrey.gottloeb at ngc.com> wrote:

    Chandra,
    
    Please provide the justification for not signing all of the RPMs with the new key.  There are Dell customers with systems that do not have Internet connectivity and therefore need other solutions to manage the DSU and OMSA repositories.  Red Hat's disconnected Satellite server is one method designed for this purpose but it does not support multiple GPG keys for the same repository.
    
    Is there a target date when all of the RPMs will be signed with this new key?
    
    
    Jeff Gottloeb
    Northrop Grumman IT Solutions
    310 812 4395
    
    
    
    _______________________________________________
    Linux-PowerEdge mailing list
    Linux-PowerEdge at dell.com
    https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.us.dell.com_mailman_listinfo_linux-2Dpoweredge&d=DwICAg&c=9Hv6XPedRSA-5PSECC38X80c1h60_XWA4z1k_R1pROA&r=CfAaYCQEf7pGoAdbq0Icw0twCvsk5y-CVhkNDSSJWU0&m=7-VNCLmkBGYWR-b1BySKceKLSMsi72ECRpu5UYm29r0&s=age2iN5lvS7avxm90dRrt9mbQtsQZeHC_SJO-GL-57I&e=
    

_______________________________________________
Linux-PowerEdge mailing list
Linux-PowerEdge at dell.com
https://lists.us.dell.com/mailman/listinfo/linux-poweredge


More information about the Linux-PowerEdge mailing list