On Sat, Jul 27, 2019 at 10:40:00PM +0100, Ian Jackson wrote: > Jonathan McDowell writes ("Bug#932753: tag2upload should record git tag > signer info in .dsc [and 1 more messages]"): > > My understanding is this was true in the days of v3 keys/fingerprints > > but is not the case for v4. If we get to the point we find a collision > > then that's a SHA1 issue that's going to cause bigger issues. > > It would be good to prepare for changing the fingerprint hash > function. Would including these parameters do that ? I think it > would, provided that "hash-algo" is in fact the algorithm used for the > fingerprint hash. > > An alternative, perhaps, is to leave this out now, and intend to > introduce a `fingnerprintv5' value later.
A v5 fingerprint is SHA256 based and 32 bytes (64 ASCII characters) long. J. -- Beware of programmers carrying screwdrivers. This .sig brought to you by the letter X and the number 23 Product of the Republic of HuggieTag