Package: debarchiver
Version: 0.10.5
Severity: normal
Tags: security

Hi.

Not sure how easily this can be done, but debarchiver should allow rejecting weak crypto algo uploads, including:

- signatures on the dsc/etc. files being uploaded that use a too weak digest-algo for the signature itself
- too weak certificate signature algos, i.e. the algo used for the key/uid and subkey binding signatures of the keys that are being trusted as uploaders
- .dsc/etc. files that contain too weak Checksum entries, e.g. MD5 or SHA1 only.

Thanks,
Chris.
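
An added sketch of the first and third checks requested above (not part of the original report and not debarchiver code): it flags files in a .dsc/.changes that only MD5 or SHA1 entries cover, and reads the signature digest from the `VALIDSIG` line of `gpg --status-fd` output. The function names and the policy sets are assumptions made for this example.

```python
# Added example, not debarchiver code. The policy sets are assumptions.
STRONG_FIELDS = {"checksums-sha256"}
WEAK_FIELDS = {"files", "checksums-sha1"}  # "Files" carries MD5 digests
WEAK_HASH_IDS = {1: "MD5", 2: "SHA1"}  # OpenPGP hash IDs, RFC 4880 section 9.4

def parse_control(text):
    """Map lowercased field name -> continuation lines, skipping clearsign armor."""
    lines = text.splitlines()
    if lines and lines[0].startswith("-----BEGIN PGP SIGNED MESSAGE"):
        lines = lines[lines.index("") + 1:] if "" in lines else []
    fields, current = {}, None
    for line in lines:
        if line.startswith("-----BEGIN PGP SIGNATURE"):
            break
        if line[:1].isspace():
            if current:
                fields[current].append(line.strip())
        elif ":" in line:
            current = line.split(":", 1)[0].lower()
            fields[current] = []
    return fields

def files_without_strong_checksum(text):
    """Files listed in a .dsc/.changes that no strong checksum field covers."""
    listed, strong = set(), set()
    for name, entries in parse_control(text).items():
        if name in STRONG_FIELDS | WEAK_FIELDS:
            files = {e.split()[-1] for e in entries if e}
            listed |= files
            if name in STRONG_FIELDS:
                strong |= files
    return sorted(listed - strong)

def weak_signature_digest(status):
    """Weak digest name from `gpg --status-fd` VALIDSIG output, else None."""
    for line in status.splitlines():
        parts = line.split()
        # Field 9 of the split line is the hash-algo argument of VALIDSIG.
        if parts[:2] == ["[GNUPG:]", "VALIDSIG"] and len(parts) > 9:
            return WEAK_HASH_IDS.get(int(parts[9]))
    return None

# Constructed samples (digests of empty input, placeholder fingerprint).
SAMPLE_DSC = "\n".join([
    "-----BEGIN PGP SIGNED MESSAGE-----", "Hash: SHA1", "", "Source: hello",
    "Checksums-Sha1:", " da39a3ee5e6b4b0d3255bfef95601890afd80709 0 hello_1.0.tar.gz",
    "Files:", " d41d8cd98f00b204e9800998ecf8427e 0 hello_1.0.tar.gz",
    "-----BEGIN PGP SIGNATURE-----"])
SAMPLE_STATUS = "[GNUPG:] VALIDSIG " + "A" * 40 + " 2024-01-01 1704067200 0 4 0 1 2 01 " + "A" * 40
print(files_without_strong_checksum(SAMPLE_DSC), weak_signature_digest(SAMPLE_STATUS))
```

The certificate-signature check from the second item is not covered here, since it needs the binding signatures on the uploader keys rather than the upload itself.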