On Thu, 30 Jan 2020, Matus UHLAR - fantomas wrote:
On 29.01.20 15:21, Kevin A. McGrail wrote:
>Correct, it's a policy issue. ASF Projects must stop providing SHA-1
>signatures and we negotiated that deadline.
On Thu, Jan 30, 2020 at 10:44:09AM +0100, Matus UHLAR - fantomas wrote:
do you mean, not having updates is better than using sha-1?
On 30.01.20 11:55, Henrik K wrote:
People using legacy SA versions are at risk from multiple vulnerabilities.
Doesn't hurt making them upgrade to samething sane.
so should I understand that as a force move "upgrade or don't get upates"?
are you aware that some distro maintainers prefer to backport security fixes
to former versions to prevent from functional surprises?
Then they would presumably backport the SHA-256 checksum handling, as
it is a security issue...
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The problem is when people look at Yahoo, slashdot, or groklaw and
jump from obvious and correct observations like "Oh my God, this
place is teeming with utter morons" to incorrect conclusions like
"there's nothing of value here". -- Al Petrofsky, in Y! SCOX
-----------------------------------------------------------------------
2 days until the 17th anniversary of the loss of STS-107 Columbia
