Preview of the 1.135 release now available
0 views
Skip to first unread message
David Groep
Apr 29, 2025, 2:47:12 AM4/29/25
to All IGTF Members (igtf-general)
Dear all,
The preview of IGTF release 1.135 is now available for final review from
the URL below, with a scheduled release date of Monday 5 May:
https://dl.igtf.net/distribution/tests/PMA-PRIVATE-PREVIEW/releases/1.135/
It is a special one, since in this release - finally - the default package
signing key will change to the 4th generation RSA 2048 GPG key. This may
lead to questions form downstream sites for our relying parties. Additional
information has been added to the changelog for this.
Changes from 1.134 to 1.135
---------------------------
(5 May 2025)
* Withdrawn discontinued HPCI CA (JP)
NOTE: the _default_ package signing key has changes to the 4th generation
for increased security and compatibility. The new key is a 2048 bit
RSA with fingerprint 565F4528EAD3F53727B5A2E9B055005676341F1A.
The GPG public key file can be retrieved from
https://dl.igtf.net/distribution/current/GPG-KEY-EUGridPMA-RPM-4
and imported on rpm-based distributions with 'rpmkeys --import <file>'
or on Debian (apt) based systems set in Signed-By in sources.list or
added as a file in /etc/apt/trusted.gpg.d/
This change was first announced in the 1.122 release (August 2023),
but a distribution signed with the generation-3 key remains available.
A signature of the gen-4 key signed by the gen-3 GPG key is available
from https://dl.igtf.net/distribution/current/ for validation.
The planned release date to EGI and major relying parties, as well as the
public IGTF release, is planned for Monday May 5th.
Best,
DavidG.
--
David Groep
** Nikhef, Dutch National Institute for Subatomic Physics, PDP programme **
** Maastricht University, FSE - Department of Advanced Computing Sciences **
** Visiting address: Science Park 105 room H229b, NL 1098 XG Amsterdam NL **
** PHS1 Room C4.032, Paul-Henri Spaaklaan 1, 6229 EN, Maastricht **
** Phone: +31 20 5922179, keybase.io: dlg, Signal username: davidg.01 **
** PGP: 0xD80134C2 308E076A FP: 2facebea12803ba145685a21d80134c2308e076a **
The preview of IGTF release 1.135 is now available for final review from
the URL below, with a scheduled release date of Monday 5 May:
https://dl.igtf.net/distribution/tests/PMA-PRIVATE-PREVIEW/releases/1.135/
It is a special one, since in this release - finally - the default package
signing key will change to the 4th generation RSA 2048 GPG key. This may
lead to questions form downstream sites for our relying parties. Additional
information has been added to the changelog for this.
Changes from 1.134 to 1.135
---------------------------
(5 May 2025)
* Withdrawn discontinued HPCI CA (JP)
NOTE: the _default_ package signing key has changes to the 4th generation
for increased security and compatibility. The new key is a 2048 bit
RSA with fingerprint 565F4528EAD3F53727B5A2E9B055005676341F1A.
The GPG public key file can be retrieved from
https://dl.igtf.net/distribution/current/GPG-KEY-EUGridPMA-RPM-4
and imported on rpm-based distributions with 'rpmkeys --import <file>'
or on Debian (apt) based systems set in Signed-By in sources.list or
added as a file in /etc/apt/trusted.gpg.d/
This change was first announced in the 1.122 release (August 2023),
but a distribution signed with the generation-3 key remains available.
A signature of the gen-4 key signed by the gen-3 GPG key is available
from https://dl.igtf.net/distribution/current/ for validation.
The planned release date to EGI and major relying parties, as well as the
public IGTF release, is planned for Monday May 5th.
Best,
DavidG.
--
David Groep
** Nikhef, Dutch National Institute for Subatomic Physics, PDP programme **
** Maastricht University, FSE - Department of Advanced Computing Sciences **
** Visiting address: Science Park 105 room H229b, NL 1098 XG Amsterdam NL **
** PHS1 Room C4.032, Paul-Henri Spaaklaan 1, 6229 EN, Maastricht **
** Phone: +31 20 5922179, keybase.io: dlg, Signal username: davidg.01 **
** PGP: 0xD80134C2 308E076A FP: 2facebea12803ba145685a21d80134c2308e076a **
David Groep
May 22, 2025, 2:11:56 PM5/22/25
to All IGTF Members (igtf-general), Christian Søttrup
Hi all,
The next IGTF trust anchor release (PKIX targets) is scheduled for June 2nd,
and the preview of this 1.136 is now available for review from the usual
(private) URL below:
https://dl.igtf.net/distribution/tests/PMA-PRIVATE-PREVIEW/releases/1.136/
Changes from 1.135 to 1.136
---------------------------
(2 June 2025)
* Added new CESNET CA Gen5 hierarchy and new off-line Root 2 (CZ)
* a new version of the generation-4 package signing key is now included that
uses a SHA-256 digest function for its self-signature. Fingerprint and key
material is otherwise identical: 565F4528EAD3F53727B5A2E9B055005676341F1A.
Further updates can be added until early next week.
The next IGTF trust anchor release (PKIX targets) is scheduled for June 2nd,
and the preview of this 1.136 is now available for review from the usual
(private) URL below:
https://dl.igtf.net/distribution/tests/PMA-PRIVATE-PREVIEW/releases/1.136/
Changes from 1.135 to 1.136
---------------------------
(2 June 2025)
* Added new CESNET CA Gen5 hierarchy and new off-line Root 2 (CZ)
* a new version of the generation-4 package signing key is now included that
uses a SHA-256 digest function for its self-signature. Fingerprint and key
material is otherwise identical: 565F4528EAD3F53727B5A2E9B055005676341F1A.
Further updates can be added until early next week.
Reply all
Reply to author
Forward
0 new messages