On 01.07.2015 06:13 PM, Mihai Moldovan wrote:
> BUT we do sign the packages with an 2048 bit RSA key. While this is 
> not a bad idea per se, I've read that RHEL5's rpm only supports 1024 
> bit RSA or DSA keys...
> 
> 
> Looks like I have to create an 1024 bit subkey, upload that to the 
> keyservers, put it into the Debian keyring, add it to 
> http://packages.x2go.org/pub.key and sign all RHEL 5 packages with 
> that weak one?

Created a VM and tested this hunch with one package. Looks like I was right. Will update the buildscript now and re-sign manually for now...


Mihai