Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-104911

Include PQC signing public key in default keyring

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Story Story
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • rhel-10.1.z
    • None
    • redhat-release
    • None
    • None
    • rhel-arr-emerging
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • Red Hat Enterprise Linux
    • None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • All
    • None

      SIGNSERVER-2009 tracks creating a new key pair with a post-quantum part, which we are going to use to sign RPMs. As soon as this key has been created (at the moment, targeted for early October, although we'll certainly try to get it done earlier if we can), it should be packaged in redhat-release similar to the existing /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release key, ideally with an automated mechanism that imports the PQC key into users' keyrings (if that's something we typically do by default, I don't know how exactly this is set up).

      This is a prerequisite for signing of RPMs with this post-quantum signing key, which we want to finish before the end of 2025.

      See also RHELBU-2538, which tracks the entire feature.

              tdawson@redhat.com Troy Dawson
              cllang@redhat.com Clemens Lang
              Troy Dawson Troy Dawson
              Release Test Team Release Test Team
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated: