Legacy SHA1 signatures on RPM packages

Server Version#: 1.27.1.5916
Player Version#: -

Hi,

Installing the latest plexmediaserver RPMs raises issues on current systems with a decent security policy, because the packages are signed with legacy RSA/SHA1 signatures (deprecated by default in EL9-based OS or Fedora 35+).

$ rpm -Kv plexmediaserver-1.27.1.5916-6b0e31a64.x86_64.rpm
plexmediaserver-1.27.1.5916-6b0e31a64.x86_64.rpm:
    Header V4 RSA/SHA1 signature, key ID 3adca79d: OK
    Header SHA1 digest: OK
    V4 RSA/SHA1 signature, key ID 3adca79d: OK
    MD5 digest: OK

Not that I really have trust issues with the packages and of course it is possible to work around this issue: re-sign the packages with own key, switch to legacy policy (if this is really an option), disable signature checks or use an additional container layer with less-strict policy.

The compatibility statement is “Fedora (27+) / CentOS (7+) / SUSE (15+)”, so using e.g. RSA/SHA256 or RSA/SHA512 signatures should not break backwards compatibility. Would be great if a signature update could be considered for future releases.

Cheers,
Stefan
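A pre-install check for the problem described above, added here as an example and not part of the original post: it parses `rpm -Kv` output and flags packages whose signatures still use SHA1, so a build or deployment pipeline can reject them before the system's crypto policy does. It assumes POSIX sh with grep; the sample outputs are constructed, and the SHA256 sample's key ID is a placeholder.

```shell
#!/bin/sh
# Constructed sample: the `rpm -Kv` output quoted in the post (legacy RSA/SHA1 signatures).
SAMPLE_SHA1='plexmediaserver-1.27.1.5916-6b0e31a64.x86_64.rpm:
    Header V4 RSA/SHA1 signature, key ID 3adca79d: OK
    Header SHA1 digest: OK
    V4 RSA/SHA1 signature, key ID 3adca79d: OK
    MD5 digest: OK'

# Constructed sample of what a package re-signed with RSA/SHA256 looks like
# (key ID "00000000" is a placeholder, not a real key).
SAMPLE_SHA256='example-1.0-1.x86_64.rpm:
    Header V4 RSA/SHA256 Signature, key ID 00000000: OK
    Header SHA256 digest: OK
    Payload SHA256 digest: OK'

# Return 0 (true) if the given `rpm -Kv` output contains an RSA/SHA1 or DSA/SHA1
# signature line, i.e. a signature that SHA1-restricting crypto policies reject.
# Matching is case-insensitive because rpm prints "signature"/"Signature" differently
# across versions.
legacy_sha1_signature() {
    printf '%s\n' "$1" | grep -Eiq '(RSA|DSA)/SHA1 +signature'
}

# Run the check against a real package file. Assumes rpm is installed; the key
# need not be imported, since only the algorithm names in the output matter here.
check_rpm_file() {
    out=$(rpm -Kv "$1" 2>&1)
    if legacy_sha1_signature "$out"; then
        echo "LEGACY-SHA1: $1"
        return 1
    fi
    echo "OK: $1"
    return 0
}

# Usage: ./check.sh some-package.rpm ...
for f in "$@"; do
    check_rpm_file "$f"
done
```

Exit status is non-zero for a flagged package, so the function can gate an install step directly.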