Currently, our repository is signed with a 1024 bit DSA key. Key rotation is necessary because 1024-bit DSA keys are now considered weak and no longer approved for digital signatures.
We will replace our GPG key with an RSA 4096 bit key. Additionally, we will (re-)sign both, the repository as a whole, and all packages with the new key. Re-signed existing package files will be moved in order to avoid checksum mismatches.
Since the documentation was not changed for downloading the key (e.g. Ubuntu - Icinga 2) is there a need to use the new package or is it fine to just update the key using wget and the existing url https://packages.icinga.com/icinga.key?