European Grid Infrastructure EGI Trust Anchor release 1.135         2025.05.05

------------------------------------------------------------------------------
For DOCUMENTATION on using EGI Trust Anchors see HOWTO01: https://edu.nl/envyq
------------------------------------------------------------------------------

This is the EGI Trust Anchor release, based on the updated IGTF Accredited CA
distribution version 1.135-1 with Classic, SLCS and MICS profiles, encoded in
meta-package "ca-policy-egi-core-1.135-1" (new installs) and "lcg-CA-1.135-1"
(for sites upgrading from EGEE/JSPG releases).

The following notices are republished from the IGTF, inasfar as pertinent to
this release. Details are found in the newsletter https://www.eugridpma.org/

Changes from 1.134 to 1.135
---------------------------
(5 May 2025)

* Updated SlovakGrid trust anchor with extended validity (SK)
* Withdrawn discontinued HPCI CA (JP)

NOTE: the _default_ package signing key has changed to the 4th generation
      for increased security and compatibility. The new key is a 2048 bit
      RSA with fingerprint 565F4528EAD3F53727B5A2E9B055005676341F1A.
      The GPG public key file can be retrieved from
        https://dl.igtf.net/distribution/current/GPG-KEY-EUGridPMA-RPM-4
      and imported on rpm-based distributions with 'rpmkeys --import <file>'
      or on Debian (apt) based systems set in Signed-By in sources.list or
      added as a file in /etc/apt/trusted.gpg.d/

      This change was first announced in the 1.122 release (August 2023),
      but a distribution signed with the generation-3 key remains available.
      A signature of the gen-4 key signed by the gen-3 GPG key is available
      from https://dl.igtf.net/distribution/current/ for validation.

The CA modifications encoded in both "requires" and "obsoletes" clauses (RPM)
and Conflicts/Replaced clauses (Debian)  have been incorporated in the above-
mentioned meta-packages.  This release is best enjoyed with  fetch-crl v3  or 
better, available from GNU/Linux OS add-on repositories Fedora, EPEL, Debian,
and from the IGTF at https://www.igtf.net/fetch-crl

Please review the documentation for the new software that will be needed
to support differentiated assurance and the Collaborative Assurance Model.
We ask for your support in implementing the requisite changes, and deploy
new trust anchor meta-packages and the new local policies only in unison.

Version information: ca-policy-egi-core = 1.135-1