Am 2016-05-18 um 15:20 schrieb Daniel Pocock:
Can anybody comment on how Debian users will be impacted by SHA-1 deprecation? In particular: - will libraries like OpenSSL and GnuTLS continue to support it in stretch and beyond? - will web servers like Apache support it in server certificates or certificate chains? - will web servers and other applications accept client certificates containing SHA-1 hashes? - if support for SHA-1 is being removed or disabled by default, will it also be disabled in security updates to jessie and wheezy LTS?
Besides these issues; has anyone ever thought of deprecating md5sum-s in package headers and using sha256sums instead? That would be of great help for tools like debsums or https://www.elstel.org/debcheckroot.
