opensuse-security msgs no longer signed?

When did we stop gpg signing security mailing list messages? :open_mouth:

On Sat, 24 Oct 2015 20:46:03 +0000, JAMcInnes wrote:

> When did we stop gpg signing security mailing list messages? :open_mouth:

You might ask that question on the project mailing list - those messages
arenā€™t generated by the forums (and are not really on-topic for the
install-boot-login forum)

Jim

ā€“
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

I donā€™t know the answer. However, my recollection is that they were signed with key 0x3D25D3D9, which was a pgp2 key. The latest version of gpg no longer supports those older keys, on the grounds that md5 hashes are too weak.

They did release a newer key (0x317CD502). Iā€™m not sure why they havenā€™t started signing with that.

Looking back at the archive, it looks like they only ever signed ā€œSUSE Security Announcement:ā€ type messages. I thought they used to sign them all. Guess not.