> > after re-reading this thread, I'm still unclear on some issues. Please > > correct me if I'm wrong. > > > > - The plan is to patch the Fedora package to remove support for some > > algorithms above and beyond what upstream is removing right now. > > Upstream has never removed an algorithm. Hopefully the Fedora changes > will allow us to do so, both by providing the code, and by showing that > the fallout isn't catastrophic. > > > - Current implementation in F29 does not warn that those algorithms > > will become unimplemented. > > > > - Because of the combination of two previous points, users who simply > > upgrade to F30 without paying attention will have to temporarily > > downgrade to the F29 version, perform key roll-over, and only then > > upgrade. > > That's not a consequence of the previous two points but is nontheless > true. > > > If this understanding is correct, this seems like a trap for the unwary. > > So is keeping any of these algorithms around. Maybe a middle ground can be found here: - remove support for legacy algorithms - let it blow in production in a helpful manner - provide legacy algorithms support for key roll-over only For the last point, that could either be a version of the library outside of the default library path, or a static program dedicated to that task. This way you pull the rug under the users' feet but you don't break their legs in the process. And maybe this is something that should be discussed upstream before making such a change in Fedora so they finally have a means to remove legacy algorithms and still offer an upgrade path towards proper crypto for existing installations. Dridi _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
