Hi Christoph Good suggestions. I'll see what I can do. Patches are as always welcome.
// Ola On Mon, May 23, 2016 at 10:06 PM, Christoph Anton Mitterer <cales...@scientia.net> wrote: > Package: debarchiver > Version: 0.10.5 > Severity: normal > Tags: security > > > Hi. > > Not sure how easy this can be done, but debarchiver should allow to reject > weak crypto alog uploads, including: > - signatures on the dsc/etc. files being uploaded that use a too weak > digest-algo for the signture itself > - a too weak certificate signature algos, i.e. the algo used for the key/uid > and subkey binding signatures of the keys that are being trusted as > uploaders > - .dsc/etc. files that contain too weak Cheksum entries, e.g. MD5 os SHA1 > only. > > > Thanks, > Chris. -- --- Inguza Technology AB --- MSc in Information Technology ---- / o...@inguza.com Folkebogatan 26 \ | o...@debian.org 654 68 KARLSTAD | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---------------------------------------------------------------
