Fedora (42) <fedora-42-primary@fedoraproject.org> GPG key not listed on https://fedoraproject.org/security

,
Importing PGP key 0x105EF944:
 Userid     : "Fedora (42) <fedora-42-primary@fedoraproject.org>"
 Fingerprint: B0F4950458F69E1150C6C5EDC8AC4916105EF944
 From       : file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-42-x86_64
Is this ok [y/N]:

No it’s not OK because this key is not listed on Fedora keeps you safe | The Fedora Project

It’s not that bad, don’t worry, /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-42-x86_64 is provided by fedora-gpg-keys-41-0.3.noarch package, and this package is signed with Fedora (41) fedora-41-primary@fedoraproject.org key, which I trust.

Should I open a ticket to ask for Fedora keeps you safe | The Fedora Project to be updated ?

Fedora 42 will be release in about 6 months time and the docs I expect to be updated before the release.

The current release is 40 and 41 will be released in the next few months.

1 Like

Rawhide has started distributing packages signed with F42 key. The page Fedora keeps you safe | The Fedora Project is not up to date for Rawhide, nor F41.

If the page is not the canonical source of trust anchor for Fedora GPG keys, what is it ?

Yes, please file a ticket with release engineering and they’ll be able to update the page:

https://pagure.io/releng/issues

https://pagure.io/releng/issue/12270

2 Likes