Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

expired-pgp-keys: Detect keys nonconforming to crypto policy #2037

Open
jan-kolarik opened this issue Feb 5, 2025 · 0 comments
Open

expired-pgp-keys: Detect keys nonconforming to crypto policy #2037

jan-kolarik opened this issue Feb 5, 2025 · 0 comments
Labels
Priority: LOW RFE Request For Enhancement (as opposed to a bug)
Milestone
Fedora 42

Comments

@jan-kolarik
Copy link
Member

jan-kolarik commented Feb 5, 2025
edited
Loading

Looking at the expiriation date will miss what I think is the more common issue just now: all the obsolete SHA1 based signatures that will fail in various other ways. Sequoia generally defers this checking to verify rather than import time, but you might want to additionally call pgpPubKeyLint() on the key material to catch at least some of those issues too.

Originally posted by @pmatilai in #1592 (comment)
@github-project-automation github-project-automation bot moved this to Backlog in DNF team Feb 5, 2025
@jan-kolarik jan-kolarik added this to the Fedora 42 milestone Feb 5, 2025
@ppisar ppisar changed the title expired-pgp-keys: Extend functionality with detecting obsolete keys expired-pgp-keys: Detect keys nonconforiming to crypto policy Feb 5, 2025
@ppisar ppisar changed the title expired-pgp-keys: Detect keys nonconforiming to crypto policy expired-pgp-keys: Detect keys nonconforming to crypto policy Feb 5, 2025
@ppisar ppisar added RFE Request For Enhancement (as opposed to a bug) Priority: LOW labels Feb 5, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Priority: LOW RFE Request For Enhancement (as opposed to a bug)
Projects
DNF team
Status: Backlog
Milestone
Fedora 42
Development

No branches or pull requests
2 participants
@ppisar @jan-kolarik