RPM Repository not FIPS compliant

Hi All

When will the this config be FIPS compliant

The file:/etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG is not FIPS compliant, it
seems to only use 1024 bit and must use at least 2048 bit

# pgpdump /etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG

Old: Public Key Packet(tag 6)(418 bytes)
Ver 4 - new
Public key creation time - Tue Jan 8 22:59:38 CET 2008
Pub alg - DSA Digital Signature Algorithm(pub 17)
DSA p(1024 bits) - ...
DSA q(160 bits) - ...
DSA g(1023 bits) - ...
DSA y(1023 bits) - ...
Old: User ID Packet(tag 13)(62 bytes)
User ID - PostgreSQL RPM Building Project
<pgsql-pkg-yum(at)postgresql(dot)org>
Old: Signature Packet(tag 2)(120 bytes)
Ver 4 - new
Sig type - Positive certification of a User ID and Public Key
packet(0x13).
Pub alg - DSA Digital Signature Algorithm(pub 17)
Hash alg - SHA1(hash 2)
Hashed Sub: issuer fingerprint(sub 33)(21 bytes)
v4 - Fingerprint - 68 c9 e2 b9 1a 37 d1 36 fe 74 d1 76 1f 16 d2 e1 44
2d f0 f8
Hashed Sub: signature creation time(sub 2)(4 bytes)
Time - Sat May 1 00:23:13 CEST 2021
Hashed Sub: key flags(sub 27)(1 bytes)
Flag - This key may be used to certify other keys
Flag - This key may be used to sign data
Flag - This key may be used for authentication
Hashed Sub: preferred symmetric algorithms(sub 11)(4 bytes)
Sym alg - AES with 256-bit key(sym 9)
Sym alg - AES with 192-bit key(sym 8)
Sym alg - AES with 128-bit key(sym 7)
Sym alg - Triple-DES(sym 2)
Hashed Sub: preferred hash algorithms(sub 21)(5 bytes)
Hash alg - SHA512(hash 10)
Hash alg - SHA384(hash 9)
Hash alg - SHA256(hash 8)
Hash alg - SHA224(hash 11)
Hash alg - SHA1(hash 2)
Hashed Sub: preferred compression algorithms(sub 22)(3 bytes)
Comp alg - ZLIB <RFC1950>(comp 2)
Comp alg - BZip2(comp 3)
Comp alg - ZIP <RFC1951>(comp 1)
Hashed Sub: features(sub 30)(1 bytes)
Flag - Modification detection (packets 18 and 19)
Hashed Sub: key server preferences(sub 23)(1 bytes)
Flag - No-modify
Sub: issuer key ID(sub 16)(8 bytes)
Key ID - 0x1F16D2E1442DF0F8
Hash left 2 bytes - fc b2
DSA r(160 bits) - ...
DSA s(155 bits) - ...
-> hash(DSA q bits)
Old: Public Subkey Packet(tag 14)(525 bytes)
Ver 4 - new
Public key creation time - Tue Jan 8 22:59:38 CET 2008
Pub alg - ElGamal Encrypt-Only(pub 16)
ElGamal p(2048 bits) - ...
ElGamal g(3 bits) - ...
ElGamal y(2048 bits) - ...
Old: Signature Packet(tag 2)(73 bytes)
Ver 4 - new
Sig type - Subkey Binding Signature(0x18).
Pub alg - DSA Digital Signature Algorithm(pub 17)
Hash alg - SHA1(hash 2)
Hashed Sub: signature creation time(sub 2)(4 bytes)
Time - Tue Jan 8 22:59:38 CET 2008
Hashed Sub: key flags(sub 27)(1 bytes)
Flag - This key may be used to encrypt communications
Flag - This key may be used to encrypt storage
Sub: issuer key ID(sub 16)(8 bytes)
Key ID - 0x1F16D2E1442DF0F8
Hash left 2 bytes - 2b 87
DSA r(160 bits) - ...
DSA s(160 bits) - ...
-> hash(DSA q bits)

---
[pgdg15]
name=PostgreSQL 15 for RHEL / Rocky $releasever - $basearch
baseurl=https://download.postgresql.org/pub/repos/yum/15/redhat/rhel-$releasever-$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG
repo_gpgcheck = 1
---

Please update, this is really hurting the security.

--
Med Venlig Hilsen / Kind Regards

Mikkel Kruse Johnsen
Adm. Dir., Medejer

XMedicus Systems ApS
Gladsaxevej 363
2860 Søborg

Telefon: +45 8883 6000
Direkte: +45 8883 6001
Support: +45 8883 6009
e-mail: mikkel(at)xmedicus(dot)com
web: https://www.xmedicus.com