Currently, our repository is signed with a 1024 bit DSA key. Key rotation is necessary because 1024-bit DSA keys are now considered weak and no longer approved for digital signatures.
We will replace our GPG key with an RSA 4096 bit key. Additionally, we will (re-)sign both, the repository as a whole, and all packages with the new key. Re-signed existing package files will be moved in order to avoid checksum mismatches.
When will it be changed
The key will be changed on September 30, 2024.
Read the full article on icinga.com: