European Grid Infrastructure EGI Trust Anchor release 1.136 2025.06.09 ------------------------------------------------------------------------------ For DOCUMENTATION on using EGI Trust Anchors see HOWTO01: https://edu.nl/envyq ------------------------------------------------------------------------------ This is the EGI Trust Anchor release, based on the updated IGTF Accredited CA distribution version 1.136-1 with Classic, SLCS and MICS profiles, encoded in meta-package "ca-policy-egi-core-1.136-1" (new installs) and "lcg-CA-1.136-1" (for sites upgrading from EGEE/JSPG releases). The following notices are republished from the IGTF, inasfar as pertinent to this release. Details are found in the newsletter https://www.eugridpma.org/ Changes from 1.135 to 1.136 --------------------------- (9 June 2025) * Added new CESNET CA Gen5 hierarchy and new off-line Root 2 (CZ) * Withdrawn retired CILogon CAs cilogon-basic and cilogon-silver (US) * a new version of the generation-4 package signing key is now included that uses a SHA-256 digest function for its self-signature. Fingerprint and key material is otherwise identical: 565F4528EAD3F53727B5A2E9B055005676341F1A. The CA modifications encoded in both "requires" and "obsoletes" clauses (RPM) and Conflicts/Replaced clauses (Debian) have been incorporated in the above- mentioned meta-packages. This release is best enjoyed with fetch-crl v3 or better, available from GNU/Linux OS add-on repositories Fedora, EPEL, Debian, and from the IGTF at https://www.igtf.net/fetch-crl Please review the documentation for the new software that will be needed to support differentiated assurance and the Collaborative Assurance Model. We ask for your support in implementing the requisite changes, and deploy new trust anchor meta-packages and the new local policies only in unison. Version information: ca-policy-egi-core = 1.136-1