Hi,
According to output pasted below it seems that the GPG key used to sign
installation media has expired 2021-04-03. Why is new installation ISO signed 7
days ago with a key that has been expired for almost 6 months? Is this correct?
My main question though is if this iso is authentic?
$ ll -h ovirt-node-ng-installer-4.4.8-2021090310.el8.iso*
-rw-r--r--. 1 fredde fredde 1.9G Oct 1 14:48
ovirt-node-ng-installer-4.4.8-2021090310.el8.iso
-rw-r--r--. 1 fredde fredde 32 Oct 1 14:48
ovirt-node-ng-installer-4.4.8-2021090310.el8.iso.md5sum
-rw-r--r--. 1 fredde fredde 490 Oct 1 14:48
ovirt-node-ng-installer-4.4.8-2021090310.el8.iso.md5sum.sig
$ gpg --list-keys oVirt
pub rsa2048 2014-03-30 [SC] [expired: 2021-04-03]
31A5D7837FAD7CB286CD3469AB8C4F9DFE590CB7
uid [ expired] oVirt <[email protected]>
$ gpg --verify-files *.sig
gpg: assuming signed data in
'ovirt-node-ng-installer-4.4.8-2021090310.el8.iso.md5sum'
gpg: Signature made Thu 23 Sep 2021 02:41:24 PM CEST
gpg: using RSA key AB8C4F9DFE590CB7
gpg: Good signature from "oVirt <[email protected]>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: 31A5 D783 7FAD 7CB2 86CD 3469 AB8C 4F9D FE59 0CB7
$ cat *.md5sum
e75ac6f671c666140a205e6eab3d0c4a
$ md5sum ovirt-node-ng-installer-4.4.8-2021090310.el8.iso
e75ac6f671c666140a205e6eab3d0c4a
ovirt-node-ng-installer-4.4.8-2021090310.el8.iso
BR
/F
_______________________________________________
Users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/[email protected]/message/CEIRQ7SJPXEZIY5IX475DKKITXF3QTKM/
