European Grid Infrastructure EGI Trust Anchor release 1.136         2025.06.09

------------------------------------------------------------------------------
For DOCUMENTATION on using EGI Trust Anchors see HOWTO01: https://edu.nl/envyq
------------------------------------------------------------------------------

This is the EGI Trust Anchor release, based on the updated IGTF Accredited CA
distribution version 1.136-1 with Classic, SLCS and MICS profiles, encoded in
meta-package "ca-policy-egi-core-1.136-1" (new installs) and "lcg-CA-1.136-1"
(for sites upgrading from EGEE/JSPG releases).

The following notices are republished from the IGTF, inasfar as pertinent to
this release. Details are found in the newsletter https://www.eugridpma.org/

Changes from 1.135 to 1.136
---------------------------
(9 June 2025)

* Added new CESNET CA Gen5 hierarchy and new off-line Root 2 (CZ)
* Withdrawn retired CILogon CAs cilogon-basic and cilogon-silver (US)
* a new version of the generation-4 package signing key is now included that
  uses a SHA-256 digest function for its self-signature. Fingerprint and key
  material is otherwise identical: 565F4528EAD3F53727B5A2E9B055005676341F1A.

The CA modifications encoded in both "requires" and "obsoletes" clauses (RPM)
and Conflicts/Replaced clauses (Debian)  have been incorporated in the above-
mentioned meta-packages.  This release is best enjoyed with  fetch-crl v3  or 
better, available from GNU/Linux OS add-on repositories Fedora, EPEL, Debian,
and from the IGTF at https://www.igtf.net/fetch-crl

Please review the documentation for the new software that will be needed
to support differentiated assurance and the Collaborative Assurance Model.
We ask for your support in implementing the requisite changes, and deploy
new trust anchor meta-packages and the new local policies only in unison.

Version information: ca-policy-egi-core = 1.136-1