Jonathan McDowell writes ("Bug#932753: tag2upload should record git tag signer info in .dsc [and 1 more messages]"): > My understanding is this was true in the days of v3 keys/fingerprints > but is not the case for v4. If we get to the point we find a collision > then that's a SHA1 issue that's going to cause bigger issues.
It would be good to prepare for changing the fingerprint hash function. Would including these parameters do that ? I think it would, provided that "hash-algo" is in fact the algorithm used for the fingerprint hash. An alternative, perhaps, is to leave this out now, and intend to introduce a `fingnerprintv5' value later. Ian. -- Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own. If I emailed you from an address @fyvzl.net or @evade.org.uk, that is a private address which bypasses my fierce spamfilter.