On 02/07/2018 16:16, aparna.g...@dell.com wrote: Hi Aparna,
Can you please be more specific about your fix? What exactly are you going to do? Are you going to re-sign all the packages with the old key? Or will you sign them all with the new key? And if you do that, how exactly are all users going get the new key? Remember that not all users are on this list, so it's not enough to just announce here and tell folk to import the new key. That just won't cut it. I'd like to hear details about your fix. Anand > Hi All, > > We are working on fixing this. The fixed RPMs will be available in ~1 week. > > Thanks, > Aparna > > > -----Original Message----- > From: linux-poweredge-bounces-Lists On Behalf Of James Mathiesen > Sent: Friday, June 29, 2018 6:38 PM > To: linux-poweredge-Lists > Subject: Re: [Linux-PowerEdge] RPM repo GPG key changed > > Dell, > > We also use Spacewalk and the limitation Jeff mentions will be a problem for > us as well. > > There is no customer benefit in using stronger keys and signature algorithms > if Dell doesn’t stop requiring trust in the weaker keys and signature > algorithms. A complete transition would have been disruptive but at least be > a one-time cost with a clear fix, clear benefits and a clear end-state. Using > the existing 1024-bit key with a stronger signing algorithm would have been > non-disruptive but provide lesser benefits. > > If there is a commitment to improving customer security I don't see how this > specific change was a useful intermediate step. If there is no commitment to > improving customer security this change was a waste of everybody's time. > > james > > > > > On 6/28/18, 9:36 PM, "Linux-PowerEdge on behalf of Gottloeb, Jeff [US] (ES)" > <linux-poweredge-boun...@dell.com on behalf of jeffrey.gottl...@ngc.com> > wrote: > > Chandra, > > Please provide the justification for not signing all of the RPMs with the > new key. There are Dell customers with systems that do not have Internet > connectivity and therefore need other solutions to manage the DSU and OMSA > repositories. Red Hat's disconnected Satellite server is one method designed > for this purpose but it does not support multiple GPG keys for the same > repository. > > Is there a target date when all of the RPMs will be signed with this new > key? > > > Jeff Gottloeb > Northrop Grumman IT Solutions > 310 812 4395 > > > > _______________________________________________ > Linux-PowerEdge mailing list > Linux-PowerEdge@dell.com > > https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.us.dell.com_mailman_listinfo_linux-2Dpoweredge&d=DwICAg&c=9Hv6XPedRSA-5PSECC38X80c1h60_XWA4z1k_R1pROA&r=CfAaYCQEf7pGoAdbq0Icw0twCvsk5y-CVhkNDSSJWU0&m=7-VNCLmkBGYWR-b1BySKceKLSMsi72ECRpu5UYm29r0&s=age2iN5lvS7avxm90dRrt9mbQtsQZeHC_SJO-GL-57I&e= > > > _______________________________________________ > Linux-PowerEdge mailing list > Linux-PowerEdge@dell.com > https://lists.us.dell.com/mailman/listinfo/linux-poweredge > _______________________________________________ > Linux-PowerEdge mailing list > Linux-PowerEdge@dell.com > https://lists.us.dell.com/mailman/listinfo/linux-poweredge > _______________________________________________ Linux-PowerEdge mailing list Linux-PowerEdge@dell.com https://lists.us.dell.com/mailman/listinfo/linux-poweredge
