GitLab extends Omnibus package signing key expiration to 2028 | Endigest
GitLab
Get the latest tech trends every morning
Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.
GitLab announces the extension of its Omnibus package signing key expiration from Feb. 14, 2026 to Feb. 16, 2028.
- •The GPG key signs all Omnibus packages built in CI pipelines to ensure they have not been tampered with
- •The key is extended rather than rotated to avoid disruption, as rotation would require all users to replace their trusted key
- •This key is separate from the repository metadata signing key used by apt/yum and the GitLab Runner GPG key
- •Action is only required if you explicitly verify Omnibus package signatures; standard package manager installs are unaffected
- •The updated public key can be found on GPG keyservers by searching for [email protected] or key ID 98BF DB87 FCF1 0076 416C 1E0B AD99 7ACC 82DD 593D
This summary was automatically generated by AI based on the original article and may not be fully accurate.
Google Cloud
AWS