Kali Linux warns of update failures after losing repo signing key

Source: BleepingComputer
Author: Sergiu Gatlan
URL: https://www.bleepingcomputer.com/news/linux/kali-linux-warns-of-update-failures-after-losing-repo-signing-key/

ONE SENTENCE SUMMARY:

Offensive Security advises Kali Linux users to manually install a new repository signing key after losing the previous key.

MAIN POINTS:

  1. Offensive Security lost the Kali Linux repository signing key, requiring a replacement key.
  2. Users with the old key experience update failures due to key verification errors.
  3. The repository was temporarily frozen on February 18th to minimize user impact.
  4. OffSec issued a new signing key (ED65462EC8D5E4C5) signed by Kali developers.
  5. Users must manually download and install the new key to resolve the issue.
  6. The recommended command to fetch the new key is provided clearly by OffSec.
  7. Checksums and instructions for verifying the new keyring are available from OffSec.
  8. Users uncomfortable updating keys manually can reinstall Kali using updated images.
  9. This incident mirrors a similar 2018 event when Kali’s GPG key expired.
  10. Regular updating of Kali Linux keyrings is essential to prevent update mismatches.

TAKEAWAYS:

  1. Regularly update Kali Linux systems to avoid key mismatches and repository issues.
  2. Follow official instructions carefully when manually updating repository signing keys.
  3. Verify new repository keys using provided checksums to ensure authenticity.
  4. Consider reinstalling Kali Linux from updated images if unsure about manual key updates.
  5. Maintain awareness of Kali Linux communications to promptly handle security-related updates.
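
The verification step in main point 7 and takeaway 3 can be scripted as a pre-install check. The following is an added example, not OffSec's published command: the function names are hypothetical, the expected SHA-256 must be copied from OffSec's announcement, and it assumes `sha256sum`, `awk` and `gpg` are installed.

```shell
#!/bin/sh
# Added example: checks to run on a downloaded keyring file BEFORE copying
# it into the APT keyring directory. Function names are hypothetical.

EXPECTED_KEYID="ED65462EC8D5E4C5"   # new signing key ID as given in the article

# sha256_matches FILE EXPECTED_HEX
# Succeeds only if FILE's SHA-256 equals the published checksum.
# The comparison is case-insensitive; an empty expected value never matches.
sha256_matches() {
    [ -r "$1" ] || return 2
    actual=$(sha256sum "$1" | awk '{print $1}')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$expected" ] && [ "$actual" = "$expected" ]
}

# colons_have_keyid KEYID
# Reads `gpg --with-colons` output on stdin and succeeds if a pub or sub
# record carries KEYID in field 5 (the 16-hex-digit long key ID).
colons_have_keyid() {
    awk -F: -v want="$1" '
        ($1 == "pub" || $1 == "sub") && toupper($5) == toupper(want) { found = 1 }
        END { exit found ? 0 : 1 }'
}

# check_keyring FILE EXPECTED_SHA256
# Runs both checks; install the file only if this returns 0.
check_keyring() {
    sha256_matches "$1" "$2" || { echo "checksum mismatch: $1" >&2; return 1; }
    gpg --show-keys --with-colons "$1" 2>/dev/null \
        | colons_have_keyid "$EXPECTED_KEYID" \
        || { echo "key $EXPECTED_KEYID not found in $1" >&2; return 1; }
    echo "ok: $1"
}

# Usage (the checksum argument is a placeholder, not a real value):
#   check_keyring ./downloaded-keyring.gpg "<sha256 from OffSec's announcement>"
```

The checksum only protects against a tampered download if it is obtained over a separate trusted channel from the keyring file itself.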