GitLab
GitLab rotating Omnibus Linux package signing key
GitLab is rotating the GNU Privacy Guard (GPG) key used to sign Omnibus Linux packages as part of its standard security practices. The rotation is scheduled for April 16, 2025. Signing packages with this key lets users verify that the packages have not been tampered with.

The new key has the fingerprint 98BF DB87 FCF1 0076 416C 1E0B AD99 7ACC 82DD 593D and will be used to sign upcoming packages. The existing key is being revoked, and packages published before the rotation remain signed with the previous key.

Users who validate the GPG signatures of GitLab Omnibus packages need to update their copy of the package signing key. The package signing key is separate from the repository metadata signing key used by operating system package managers. No action is required to continue installing GitLab Omnibus packages unless users specifically verify package signatures or have configured their package manager to do so.

The new key can be downloaded from packages.gitlab.com, and the documentation has more information about verifying package signatures. Users who encounter problems can open an issue in the omnibus-gitlab issue tracker for assistance.
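Before a downloaded copy of the new key is trusted, its fingerprint can be compared with the one published above. The following is an added example, not GitLab's own tooling: it parses `gpg --with-colons` output, and the key file name in the usage comment is hypothetical.

```shell
#!/bin/sh
# Added example: accept a key listing only if it holds exactly one primary
# key, that key is not revoked or expired, and its fingerprint matches the
# one published in the announcement (spaces removed).
EXPECTED_FPR="98BFDB87FCF10076416C1E0BAD997ACC82DD593D"

# Reads `gpg --with-colons` output on stdin and prints "validity fingerprint"
# for each primary key. Fingerprints that follow "sub" records are skipped.
primary_keys() {
    awk -F: '
        $1 == "pub" { validity = ($2 == "" ? "-" : $2); want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print validity, $10; want = 0 }
    '
}

# Returns 0 only when the listing on stdin passes all three checks.
check_listing() {
    keys=$(primary_keys)
    count=$(printf '%s\n' "$keys" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "expected 1 primary key, found $count" >&2
        return 1
    fi
    validity=${keys%% *}
    fpr=${keys##* }
    case "$validity" in
        r|e) echo "key is revoked or expired" >&2; return 1 ;;
    esac
    if [ "$fpr" != "$EXPECTED_FPR" ]; then
        echo "fingerprint mismatch: $fpr" >&2
        return 1
    fi
}

# Usage (hypothetical file name; --show-keys needs GnuPG 2.x and does not
# import the key into any keyring):
#   gpg --show-keys --with-colons ./gitlab-package-key.asc | check_listing
```

Requiring exactly one primary key keeps a file that bundles an extra, unexpected key from passing the check.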