Michal Čihař - Changed Debian repository signing key

Changed Debian repository signing key

After getting complains from apt and users, I've finally decided to upgrade signing key on my Debian repository to something more decent that DSA. If you are using that repository, you will now have to fetch new key to make it work again.

The old DSA key was there really because my laziness as I didn't want users to reimport the key, but I think it's really good that apt started to complain about it (it doesn't complain about DSA itself, but rather on using SHA1 signatures, which is most you can get out of DSA key).

Anyway the new key ID is DCE7B04E7C6E3CD9 and fingerprint is 4732 8C5E CD1A 3840 0419 1F24 DCE7 B04E 7C6E 3CD9. It's signed by my GPG key, so you can verify it this way. Of course instruction on my Debian repository page have been updated as well.

Comments

wrote on May 12, 2016, 10:21 a.m.

You could also ship a keyring package, which would let you push a new key to users with a package install/upgrade instead of manual dowload/sigcheck/trust steps.

wrote on May 12, 2016, 10:30 a.m.

That's on the list as well, I just need to find time for this :-).

New Comment

You can not add new comments to old blog posts.