gpg: out of core handler ignored in FIPS mode
gpg: can't check signature with unsupported public-key algorithm (17): Invalid public key algorithm.
gpg: can't check signature with unsupported public-key algorithm (17): Invalid public key algorithm.
gpg: can't check signature with unsupported public-key algorithm (17): Invalid public key algorithm.
gpg: can't check signature with unsupported public-key algorithm (17): Invalid public key algorithm.
gpg: can't check signature with unsupported public-key algorithm (17): Invalid public key algorithm.
gpg: can't check signature with unsupported public-key algorithm (17): Invalid public key algorithm.
gpg: can't check signature with unsupported public-key algorithm (17): Invalid public key algorithm.
gpg: can't check signature with unsupported public-key algorithm (17): Invalid public key algorithm.
gpg: can't check signature with unsupported public-key algorithm (17): Invalid public key algorithm.
gpg: can't check signature with unsupported public-key algorithm (17): Invalid public key algorithm.
gpg: can't check signature with unsupported public-key algorithm (17): Invalid public key algorithm.
gpg: can't check signature with unsupported public-key algorithm (17): Invalid public key algorithm.
gpg: can't check signature with unsupported public-key algorithm (17): Invalid public key algorithm.
gpg: key 328DA867450F89EC: 10 duplicate signatures removed
gpg: key 328DA867450F89EC: new key but contains no user ID - skipped
gpg: Total number processed: 1
gpg: w/o user IDs: 1
You can see here https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf that DSA is only acceptable with a FIPS approved hash function until February 2024, when it will no longer be supported. I see in the SIGNATURE file in https://cpan.org/authors/id/A/AN/ANDK/CPAN-2.34.tar.gz that it appears the hash algorithm used is RIPEMD160, which is not a FIPS support hash algorithm. However, I don't see anything about it being insecure, just that it's not approved by FIPS.
You can enable fips mode on centos 9 with
Running
gpg --keyserver hkp://pgpkeys.eu --recv-key 2E66557AB97C19C791AF8E20328DA867450F89ECoutputsYou can see here https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf that DSA is only acceptable with a FIPS approved hash function until February 2024, when it will no longer be supported. I see in the SIGNATURE file in https://cpan.org/authors/id/A/AN/ANDK/CPAN-2.34.tar.gz that it appears the hash algorithm used is RIPEMD160, which is not a FIPS support hash algorithm. However, I don't see anything about it being insecure, just that it's not approved by FIPS.