Endevor

We would like to bring to your attention a PTF that IBM published on October 15th, which will require validation of the signature on any GIMZIP packages that are SIGNED or bypass validation for any UNSIGNED. When this IBM PTF is applied at your account, you will need to acquire the signing certificate, create a keyring, update JCL and add permissions to SAF resources to bypass the validation.

Currently, we are SIGNING Receive Order and Service Order packages. In addition, any PSWI(s) created after August 25, 2025 will be SIGNED.

Please find below a blog written by Jan Cihlar, our Product Manager for Software Management, that gives more context around the planned changes and describes steps needed to ensure smooth transition.

Immediate Action Required: Secure Your Broadcom Mainframe Software with Digital Package Signing

Let me know if you have any questions.

-------------------------------------------

Can I share this email with clients? Thanks

*Dave Harding *
Client Services Consultant • Mainframe Software Division
Broadcom Software
Mobile 317-403-1740 | dave.harding@broadcom.com


On Thu, Oct 30, 2025 at 8:06 AM Vaclav Brunnhofer via Broadcom <
Mail@broadcom.com> wrote:

> We would like to bring to your attention a PTF that IBM published on
> October 15th, which will require validation of the signature on any
> GIMZIP... -posted to the "Endevor" community
> [image: Broadcom] <https: community.broadcom.com>
> Endevor
> <https: community.broadcom.com mainframesoftware communities community-home digestviewer?communitykey=592eb6c9-73f7-460f-9aa9-e5194cdafcd2>
> Post New Message <broadcom-caendevor@connectedcommunity.org>
> IBM PTF that impacts the download of our SMP/E Packages
> <https: community.broadcom.com mainframesoftware discussion ibm-ptf-that-impacts-the-download-of-our-smpe-packages#bm0bef2a62-29cf-462b-8710-b8c8df9631d3>
> Reply to Group
> <broadcom_caendevor_0bef2a62-29cf-462b-8710-b8c8df9631d3@connectedcommunity.org?subject=re:+ibm+ptf+that+impacts+the+download+of+our+smp e+packages> Reply
> to Sender
> <https: community.broadcom.com mainframesoftware communities all-discussions postreply?messagekey=0bef2a62-29cf-462b-8710-b8c8df9631d3&ListKey=6c02d13b-c28e-4794-b86a-c8b767e00498&SenderKey=b089ade1-3a35-4fd2-901b-e26aab8aac70>
> [image: Vaclav Brunnhofer]
> <https: community.broadcom.com network members profile?userkey=b089ade1-3a35-4fd2-901b-e26aab8aac70>
> Oct 30, 2025 8:06 AM
> Vaclav Brunnhofer
> <https: community.broadcom.com network members profile?userkey=b089ade1-3a35-4fd2-901b-e26aab8aac70>
>
> We would like to bring to your attention a PTF that IBM published on
> October 15th, which will require validation of the signature on any GIMZIP
> packages that are SIGNED or bypass validation for any UNSIGNED. When this
> IBM PTF is applied at your account, you will need to acquire the signing
> certificate, create a keyring, update JCL and add permissions to SAF
> resources to bypass the validation.
>
> Currently, we are SIGNING Receive Order and Service Order packages. In
> addition, any PSWI(s) created after August 25, 2025 will be SIGNED.
>
> Please find below a blog written by Jan Cihlar, our Product Manager for
> Software Toolkit Plug-in for z/OSMF, that gives more context around the
> planned changes and describes steps needed to ensure smooth transition.
>
> Immediate Action Required: Secure Your Broadcom Mainframe Software with
> Digital Package Signing
> <https: medium.com @jan.cihlar secure-your-broadcom-mainframe-software-with-digital-package-signing-c93d88ef69e4>
>
> Let me know if you have any questions.
>
>
> -------------------------------------------
> *Reply to Group Online
> <https: community.broadcom.com mainframesoftware communities all-discussions postreply?messagekey=0bef2a62-29cf-462b-8710-b8c8df9631d3&ListKey=6c02d13b-c28e-4794-b86a-c8b767e00498>*
> *Reply to Group via Email
> <broadcom_caendevor_0bef2a62-29cf-462b-8710-b8c8df9631d3@connectedcommunity.org?subject=re:+ibm+ptf+that+impacts+the+download+of+our+smp e+packages>*
> *View Thread
> <https: community.broadcom.com mainframesoftware discussion ibm-ptf-that-impacts-the-download-of-our-smpe-packages#bm0bef2a62-29cf-462b-8710-b8c8df9631d3>*
> *Recommend
> <https: community.broadcom.com:443 mainframesoftware discussion ibm-ptf-that-impacts-the-download-of-our-smpe-packages?messagekey=0bef2a62-29cf-462b-8710-b8c8df9631d3&cmd=rate&cmdarg=add#bm0bef2a62-29cf-462b-8710-b8c8df9631d3>*
> *Forward
> <https: community.broadcom.com mainframesoftware communities all-discussions forwardmessages?messagekey=0bef2a62-29cf-462b-8710-b8c8df9631d3&ListKey=6c02d13b-c28e-4794-b86a-c8b767e00498>*
> *Flag as Inappropriate
> <https: community.broadcom.com mainframesoftware discussion ibm-ptf-that-impacts-the-download-of-our-smpe-packages?markappropriate=0bef2a62-29cf-462b-8710-b8c8df9631d3#bm0bef2a62-29cf-462b-8710-b8c8df9631d3>*
>
>
>
>
> You are subscribed to "Endevor" as dave.harding@broadcom.com. To change
> your subscriptions, go to My Subscriptions
> <http: community.broadcom.com preferences?section=Subscriptions>. To
> unsubscribe from this community discussion, go to Unsubscribe
> <https: community.broadcom.com higherlogic egroups unsubscribe.aspx?userkey=f0102c8e-2c1c-47ba-9f18-e9e6816f2ae3&sKey=KeyRemoved&GroupKey=6c02d13b-c28e-4794-b86a-c8b767e00498>.
>
>
> Copyright © 2005-2023 Broadcom. All Rights Reserved. The term "Broadcom"
> refers to Broadcom Inc. and/or its subsidiaries.
>
> Hosted by Higher Logic, LLC on the behalf of Broadcom - Privacy Policy
> <https: www.broadcom.com company legal privacy-policy> | Cookie Policy
> <https: www.higherlogic.com legal privacy> | Supply Chain Transparency
> <https: www.broadcom.com company citizenship governance-and-ethics#supply>
> | Terms of Use <http: termsandconditions>
>


Original Message:
Sent: 10/30/2025 8:06:00 AM
From: Vaclav Brunnhofer
Subject: IBM PTF that impacts the download of our SMP/E Packages

We would like to bring to your attention a PTF that IBM published on October 15th, which will require validation of the signature on any GIMZIP packages that are SIGNED or bypass validation for any UNSIGNED. When this IBM PTF is applied at your account, you will need to acquire the signing certificate, create a keyring, update JCL and add permissions to SAF resources to bypass the validation.

Currently, we are SIGNING Receive Order and Service Order packages. In addition, any PSWI(s) created after August 25, 2025 will be SIGNED.

Please find below a blog written by Jan Cihlar, our Product Manager for Software Management, that gives more context around the planned changes and describes steps needed to ensure smooth transition.

Immediate Action Required: Secure Your Broadcom Mainframe Software with Digital Package Signing

Let me know if you have any questions.

-------------------------------------------

</http:></https:></https:></https:></https:></http:></https:></https:></https:></https:></broadcom_caendevor_0bef2a62-29cf-462b-8710-b8c8df9631d3@connectedcommunity.org?subject=re:+ibm+ptf+that+impacts+the+download+of+our+smp></https:></https:></https:></https:></https:></broadcom_caendevor_0bef2a62-29cf-462b-8710-b8c8df9631d3@connectedcommunity.org?subject=re:+ibm+ptf+that+impacts+the+download+of+our+smp></https:></broadcom-caendevor@connectedcommunity.org></https:></https:>

Hi David, 

Absolutely, feel free to share this post or the following customer announcement:

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/CriticalAlerts/ACTION-REQUIRED--Security-Changes-for-Signed-and-Unsigned-SMP-E-Packages/36236

Kind regards,
Jan

------------------------------
Jan Cihlar
Product Manager
Mainframe Software Management
------------------------------

Original Message:
Sent: Oct 30, 2025 08:10 AM
From: Dave Harding
Subject: IBM PTF that impacts the download of our SMP/E Packages

Can I share this email with clients? Thanks

*Dave Harding *
Client Services Consultant • Mainframe Software Division
Broadcom Software
Mobile 317-403-1740 | dave.harding@broadcom.com


On Thu, Oct 30, 2025 at 8:06 AM Vaclav Brunnhofer via Broadcom <
Mail@broadcom.com> wrote:

> We would like to bring to your attention a PTF that IBM published on
> October 15th, which will require validation of the signature on any
> GIMZIP... -posted to the "Endevor" community
> [image: Broadcom] <https: community.broadcom.com>
> Endevor
> <https: community.broadcom.com mainframesoftware communities community-home digestviewer?communitykey=592eb6c9-73f7-460f-9aa9-e5194cdafcd2>
> Post New Message <broadcom-caendevor@connectedcommunity.org>
> IBM PTF that impacts the download of our SMP/E Packages
> <https: community.broadcom.com mainframesoftware discussion ibm-ptf-that-impacts-the-download-of-our-smpe-packages#bm0bef2a62-29cf-462b-8710-b8c8df9631d3>
> Reply to Group
> <broadcom_caendevor_0bef2a62-29cf-462b-8710-b8c8df9631d3@connectedcommunity.org?subject=re:+ibm+ptf+that+impacts+the+download+of+our+smp e+packages> Reply
> to Sender
> <https: community.broadcom.com mainframesoftware communities all-discussions postreply?messagekey=0bef2a62-29cf-462b-8710-b8c8df9631d3&ListKey=6c02d13b-c28e-4794-b86a-c8b767e00498&SenderKey=b089ade1-3a35-4fd2-901b-e26aab8aac70>
> [image: Vaclav Brunnhofer]
> <https: community.broadcom.com network members profile?userkey=b089ade1-3a35-4fd2-901b-e26aab8aac70>
> Oct 30, 2025 8:06 AM
> Vaclav Brunnhofer
> <https: community.broadcom.com network members profile?userkey=b089ade1-3a35-4fd2-901b-e26aab8aac70>
>
> We would like to bring to your attention a PTF that IBM published on
> October 15th, which will require validation of the signature on any GIMZIP
> packages that are SIGNED or bypass validation for any UNSIGNED. When this
> IBM PTF is applied at your account, you will need to acquire the signing
> certificate, create a keyring, update JCL and add permissions to SAF
> resources to bypass the validation.
>
> Currently, we are SIGNING Receive Order and Service Order packages. In
> addition, any PSWI(s) created after August 25, 2025 will be SIGNED.
>
> Please find below a blog written by Jan Cihlar, our Product Manager for
> Software Toolkit Plug-in for z/OSMF, that gives more context around the
> planned changes and describes steps needed to ensure smooth transition.
>
> Immediate Action Required: Secure Your Broadcom Mainframe Software with
> Digital Package Signing
> <https: medium.com @jan.cihlar secure-your-broadcom-mainframe-software-with-digital-package-signing-c93d88ef69e4>
>
> Let me know if you have any questions.
>
>
> -------------------------------------------
> *Reply to Group Online
> <https: community.broadcom.com mainframesoftware communities all-discussions postreply?messagekey=0bef2a62-29cf-462b-8710-b8c8df9631d3&ListKey=6c02d13b-c28e-4794-b86a-c8b767e00498>*
> *Reply to Group via Email
> <broadcom_caendevor_0bef2a62-29cf-462b-8710-b8c8df9631d3@connectedcommunity.org?subject=re:+ibm+ptf+that+impacts+the+download+of+our+smp e+packages>*
> *View Thread
> <https: community.broadcom.com mainframesoftware discussion ibm-ptf-that-impacts-the-download-of-our-smpe-packages#bm0bef2a62-29cf-462b-8710-b8c8df9631d3>*
> *Recommend
> <https: community.broadcom.com:443 mainframesoftware discussion ibm-ptf-that-impacts-the-download-of-our-smpe-packages?messagekey=0bef2a62-29cf-462b-8710-b8c8df9631d3&cmd=rate&cmdarg=add#bm0bef2a62-29cf-462b-8710-b8c8df9631d3>*
> *Forward
> <https: community.broadcom.com mainframesoftware communities all-discussions forwardmessages?messagekey=0bef2a62-29cf-462b-8710-b8c8df9631d3&ListKey=6c02d13b-c28e-4794-b86a-c8b767e00498>*
> *Flag as Inappropriate
> <https: community.broadcom.com mainframesoftware discussion ibm-ptf-that-impacts-the-download-of-our-smpe-packages?markappropriate=0bef2a62-29cf-462b-8710-b8c8df9631d3#bm0bef2a62-29cf-462b-8710-b8c8df9631d3>*
>
>
>
>
> You are subscribed to "Endevor" as dave.harding@broadcom.com. To change
> your subscriptions, go to My Subscriptions
> <http: community.broadcom.com preferences?section=Subscriptions>. To
> unsubscribe from this community discussion, go to Unsubscribe
> <https: community.broadcom.com higherlogic egroups unsubscribe.aspx?userkey=f0102c8e-2c1c-47ba-9f18-e9e6816f2ae3&sKey=KeyRemoved&GroupKey=6c02d13b-c28e-4794-b86a-c8b767e00498>.
>
>
> Copyright © 2005-2023 Broadcom. All Rights Reserved. The term "Broadcom"
> refers to Broadcom Inc. and/or its subsidiaries.
>
> Hosted by Higher Logic, LLC on the behalf of Broadcom - Privacy Policy
> <https: www.broadcom.com company legal privacy-policy> | Cookie Policy
> <https: www.higherlogic.com legal privacy> | Supply Chain Transparency
> <https: www.broadcom.com company citizenship governance-and-ethics#supply>
> | Terms of Use <http: termsandconditions>
>


Original Message:
Sent: 10/30/2025 8:06:00 AM
From: Vaclav Brunnhofer
Subject: IBM PTF that impacts the download of our SMP/E Packages

We would like to bring to your attention a PTF that IBM published on October 15th, which will require validation of the signature on any GIMZIP packages that are SIGNED or bypass validation for any UNSIGNED. When this IBM PTF is applied at your account, you will need to acquire the signing certificate, create a keyring, update JCL and add permissions to SAF resources to bypass the validation.

Currently, we are SIGNING Receive Order and Service Order packages. In addition, any PSWI(s) created after August 25, 2025 will be SIGNED.

Please find below a blog written by Jan Cihlar, our Product Manager for Software Management, that gives more context around the planned changes and describes steps needed to ensure smooth transition.

Immediate Action Required: Secure Your Broadcom Mainframe Software with Digital Package Signing

Let me know if you have any questions.

-------------------------------------------

</http:></https:></https:></https:></https:></http:></https:></https:></https:></https:></broadcom_caendevor_0bef2a62-29cf-462b-8710-b8c8df9631d3@connectedcommunity.org?subject=re:+ibm+ptf+that+impacts+the+download+of+our+smp></https:></https:></https:></https:></https:></broadcom_caendevor_0bef2a62-29cf-462b-8710-b8c8df9631d3@connectedcommunity.org?subject=re:+ibm+ptf+that+impacts+the+download+of+our+smp></https:></broadcom-caendevor@connectedcommunity.org></https:></https:>