Package: general
Severity: important
Tags: security
Hi.
Not sure if there is already some concentrated effort, but I think
there should be one, i.e.:
---
To disable crypto algorithms and protocols per default, which are
known to be no longer secure, across Debian.
And ideally, to default to
Christoph Anton Mitterer wrote:
For git it's e.g. quite clear that its use of SHA1 *is* security
relevant.
I've talked about this with the git developers before, and while they
seemed to have some ideas for how to handle a conversion to a different
hash, they're not keen on doing it until
On Wed, 2014-10-15 at 15:18 -0400, Joey Hess wrote:
I've talked about this with the git developers before, and while they
seemed to have some ideas for how to handle a conversion to a different
hash, they're not keen on doing it until forced by SHA1 being more
broken than it is now.
Well,...
On Wed, 2014-10-15 at 20:25 +0100, Jonathan Dowland wrote:
There are a number of mechanisms for proposing and tracking distro-wide
changes, such as release goals and DEPs in some cases. But this is not what
the general bug is for. Please choose something and then kindly close this bug.
Well
* Christoph Anton Mitterer:
Not sure if there is already some concentrated effort, but I think
there should be one, i.e.:
Fedora is currently working on this:
https://fedoraproject.org/wiki/Changes/CryptoPolicy
However, it is an ongoing effort to make applications adhere to the
system
Joey Hess writes (Bug#765512: general: distrust old crypto algos and protocols per default):
Instead, it makes sense to adapt workflows that do not trust git hashes,
which mostly means making signed tags and commits, and checking the
signatures. This is something Debian could improve in many