Passenger GPG signing key does not use a modern hash algorithm #25
Description
Hi there,
We have the following issue on RHEL 9:
https://www.redhat.com/en/blog/rhel-security-sha-1-package-signatures-distrusted-rhel-9
It would be great if the Phusion signing key was signed with SHA256 instead of SHA1 so we don't have to disable gpgcheck for this repository. The packages should also be signed rather than just the metadata, ideally for all of CentOS 7, 8, and 9.
Thanks!