severity 514578 wishlist retitle 514578 Please document deprecated RSA-MD2/MD5 in NEWS/README thanks
I have read through this bug, and as far as I can tell all the reported problems are things working as intended, i.e., untrusted RSA-MD5 signatures should cause failures. There is one remaining concern: Alexandra suggested we add something about NEWS/README about this. I agree with that, but can't come up with particular wordings. FWIW, the manual has explained the issue for many years already: http://www.gnu.org/software/gnutls/manual/gnutls.html#Digital-signatures I'm downgrading this as a wishlist bug and retitling it appropriately. Let me know if you still have some problem not related to RSA-MD? signatures. Below is a summary of the discussion. Thanks, /Simon Gábor Gombás: Problem diagnosed to be caused by a RSA-MD5 cert in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514578#35 Hermann Lauer: Confirmed an untrusted RSA-MD5 signatures: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514578#15 Alexandra N. Kossovsky: Suggests in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514578#30 that we should add something to NEWS/README about this. Brian May: Reports a problem in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514578#45 but it mysteriously disappeared in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514578#120 Chess Griffin: Report in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514578#55 resolved in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514578#100 Jiri.Solc Report in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514578#70 unanswered question in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514578#75 Witold Baryluk Report in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514578#140 resolved in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514578#165 -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
