On Thu, Oct 28, 2021 at 11:17 AM Justus Winter <jus...@sequoia-pgp.org> wrote:
>
> Panu Matilainen <pmati...@redhat.com> writes:
>
> >> https://tests.sequoia-pgp.org/rpmsop.html#Detached_Sign-Verify_roundtrip_with_key__Bob___MD5
> >>
> >> - accepts MD5 signatures !!!
> >>
> >> https://tests.sequoia-pgp.org/rpmsop.html#Signature_over_the_shattered_collision
> >>
> >> - accepts SHA1 signatures !!!
> >
> > Rpm needs to be able to work with content from the nineties, when MD5
> > was still the hottest thing around, ditto with SHA1.
>
> Contemporary versions of RPM need to work with content from the
> nineties? I find that hard to believe.
>

I still sometimes deal with RPMs created in the early 2000s; it's not terribly hard to believe people wind up working with older stuff. Lots of old Linux games were released as RPMs back in the 90s too.

> > At least openssl backend supports FIPS mode, which is where these get
> > rejected as expected nowadays.
>
> FIPS mode as in /proc/sys/crypto/fips_enabled? Or is there another
> mechanism for openssl or RPM? What about the security of systems that
> are not in FIPS mode?
>
> In my opinion, these signatures should be rejected by RPM. If working
> with nineties material is really a thing, the user should explicitly
> opt-into these unsafe algorithms.
>

I believe Panu has been adding (or already has added?) a knob to RPM specifically for that purpose. But upstream RPM still defaults to permitting them, though some downstreams may have changed this behavior (I think RHEL did, for example).

--
真実はいつも一つ!/ Always, there's only one truth!
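
The reject-by-default, explicit opt-in policy discussed in this message can be sketched as a gate on the hash algorithm octet of an OpenPGP signature packet (RFC 4880), covering both v3 and v4 signatures. This is an added example, not code from RPM, Sequoia or anyone in the thread; the function names, the `allow_weak` parameter and the sample packets are hypothetical and constructed for illustration.

```python
# Added example: policy gate only; it does not verify the signature itself.
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}  # RFC 4880, section 9.4
WEAK = {"MD5", "SHA1"}  # the two algorithms discussed in the thread

def signature_body(pkt: bytes) -> bytes:
    """Strip the OpenPGP packet header and return the signature packet body."""
    if len(pkt) < 6 or not pkt[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    if pkt[0] & 0x40:  # new-format header: tag in bits 5-0
        tag, first = pkt[0] & 0x3F, pkt[1]
        if first < 192:
            start, length = 2, first
        elif first < 224:
            start, length = 3, ((first - 192) << 8) + pkt[2] + 192
        elif first == 255:
            start, length = 6, int.from_bytes(pkt[2:6], "big")
        else:
            raise ValueError("partial body lengths are not supported")
    else:  # old-format header: tag in bits 5-2, length type in bits 1-0
        tag, ltype = (pkt[0] >> 2) & 0x0F, pkt[0] & 0x03
        if ltype == 3:
            raise ValueError("indeterminate lengths are not supported")
        n = 1 << ltype  # 1, 2 or 4 length octets
        start, length = 1 + n, int.from_bytes(pkt[1:1 + n], "big")
    if tag != 2:
        raise ValueError("not a signature packet")
    return pkt[start:start + length]

def hash_algorithm(pkt: bytes) -> str:
    """Name the hash algorithm of a v3 or v4 signature packet."""
    body = signature_body(pkt)
    offset = {3: 16, 4: 3}.get(body[0]) if body else None  # hash octet position
    if offset is None or len(body) <= offset:
        raise ValueError("unsupported or truncated signature")
    return HASH_NAMES.get(body[offset], "unknown")

def acceptable(pkt: bytes, allow_weak: bool = False) -> bool:
    """Accept known hashes; MD5/SHA1 only when the caller opts in explicitly."""
    name = hash_algorithm(pkt)
    return name != "unknown" and (allow_weak or name not in WEAK)

# Constructed sample packets (header + truncated body, no real signature data).
V3_MD5 = bytes([0x88, 19, 3, 5, 0]) + bytes(12) + bytes([1, 1, 0xAA, 0xBB])
V4_SHA1 = bytes([0xC2, 10, 4, 0, 1, 2]) + bytes(4) + bytes([0xAA, 0xBB])
V4_SHA256 = bytes([0x88, 10, 4, 0, 1, 8]) + bytes(4) + bytes([0xAA, 0xBB])
```

With these samples, the v3 MD5 and v4 SHA1 packets are refused unless `allow_weak=True` is passed, while the SHA256 packet passes by default.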