ROS Signing key expiracy

Hugal31 · May 19, 2025, 8:02am

Hello,

The package signing key for ROS 1 & 2 is to be expired in two weeks. When is the new key supposed to be rolled out? The sooner the better, as it will allow users more time to swap the key file and avoid service disruption.

ROS PMC talked about a ros-archive-keyring package, and there is this ros-apt-source repository containing the key with an updated expiracy date. When the package is due to be released? Will it be released for ROS1 as well?

claraberendsen · May 19, 2025, 9:22pm

Hi @Hugal31, we are releasing the package this week with the corresponding migration and docs updates.
It will be both for ROS 1 (Noetic) and ROS 2, the supported OS are documented here.
I will link the migration docs on this thread once they are published.

claraberendsen · May 26, 2025, 9:47pm

Following up here, it took me a bit longer but the migration guide is up!

Topic		Replies	Views
Post-mortem: ROS GPG Key Expiration Incident ROS General	0	1695	June 4, 2021
ROS signing key migration guide ROS General	44	5830	June 11, 2025
Key rotation for ROS 2 apt repositories ROS General ros2 , ardent , bouncy , crystal	2	8478	June 7, 2019
ROS GPG Key Expiration Incident ROS General gpg , incident	47	50969	June 17, 2021
Key for downloading ros2 source showing expired ROS General	8	6273	May 29, 2021

ROS Signing key expiracy

Related topics