Index of /distribution/egi/ca-policy-egi-cam-1.140-1-GPSK3

[ICO]NameLast modifiedSize
[PARENTDIR]Parent Directory  -
[DIR]RPMS/2026-03-25 15:17 -
[DIR]SRPMS/2026-03-25 15:17 -
[DIR]dists/2026-03-25 15:17 -
[DIR]meta/2026-03-25 15:17 -
[DIR]repo-files/2026-03-25 15:17 -
[DIR]repodata/2026-03-25 15:17 -
[DIR]tgz/2026-03-25 15:17 -
[ ]GPG-KEY-EUGridPMA-RPM-32026-03-25 15:17 889
[ ]GPG-KEY-EUGridPMA-RPM-42026-03-25 15:17 1.8K
[ ]GPG-KEY-EUGridPMA-RPM-4R12026-03-25 15:17 1.8K
[TXT]release.xml2026-03-25 15:17 78 

European Grid Infrastructure EGI Trust Anchor release 1.140         2026.03.30

------------------------------------------------------------------------------
   For release DOCUMENTATION available on this EGI Trust Anchor release see   
        the EGI operations manual HOWTO-01 at https://edu.nl/envyq
------------------------------------------------------------------------------

This is the EGI Trust Anchor release, based on the updated IGTF Accredited CA
distribution version 1.140-1 with the specific DOGWOOD CA in
meta-package "ca-policy-egi-combined-adequacy-model-1.140-1"
that supports the model of joint assurance provision as detailed in the
EGI Policy on Acceptable Authentication Assurance.

The following notices are republished from the IGTF, inasfar as pertinent to
this release. Details are found in the newsletter https://www.eugridpma.org/

Changes from 1.139 to 1.140
---------------------------
(30 March 2026)

* Added server TLS specific trust hierarchy for eMudhra joint trust (IN)

NOTE: this will be the last release to include a build with Gen3 GPG 
  package signatures.
  This release also deprecates SSLeay and OpenSSL 0.x series subject name 
  hashes in the trust anchor directory (i.e. based on the MD5 encoding of the
  binary encoding of the subject distinguised name). These will be removed 
  after August 2026. For reference, systems distributions dependent hereon 
  reached end of support in 2020 (RHEL5 ELS) or 2016 (for Debian 6 "Squeeze").

The CA modifications encoded in both "requires" and "obsoletes" clauses (RPM)
and Conflicts/Replaced clauses (Debian)  have been incorporated in the above-
mentioned meta-packages.  This release is best enjoyed with  fetch-crl v3  or 
better, available from GNU/Linux OS add-on repositories Fedora, EPEL, Debian,
and from the IGTF at https://www.igtf.net/fetch-crl

Policy on Acceptable Authentication Assurance
---------------------------------------------
If a Community or e-Infrastructure registration service is accredited by EGI
to meet the approved authentication assurance level, also an IGTF "DOGWOOD" 
accredited Authority, used in combination with such a service, is sufficient. 
HOWTO01, https://edu.nl/envyq#combined-assuranceadequacy-model has the details.

  TECHNICALLY THIS MEANS ...
   that you must ONLY install the new ca-policy-egi-cam packages if you ALSO
   at the same time implement VO-specific authorization controls in your
   software stack. This may require reconfiguration or a software update.
  OTHERWISE
   just ONLY install or update the regular ca-policy-egi-core package. There 
   are no changes in this case. The ca-policy-egi-core package is approved for
   all VOs membership and assurance models. No configuration change is needed.

Version information: ca-policy-egi-combined-adequacy-model = 1.140-1