When did we stop gpg signing security mailing list messages?
On Sat, 24 Oct 2015 20:46:03 +0000, JAMcInnes wrote:
> When did we stop gpg signing security mailing list messages?
You might ask that question on the project mailing list - those messages
arenāt generated by the forums (and are not really on-topic for the
install-boot-login forum)
Jim
ā
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C
I donāt know the answer. However, my recollection is that they were signed with key 0x3D25D3D9, which was a pgp2 key. The latest version of gpg no longer supports those older keys, on the grounds that md5 hashes are too weak.
They did release a newer key (0x317CD502). Iām not sure why they havenāt started signing with that.
Looking back at the archive, it looks like they only ever signed āSUSE Security Announcement:ā type messages. I thought they used to sign them all. Guess not.