On 7/9/21 11:45 AM, Ben Cotton wrote:
https://fedoraproject.org/wiki/Changes/Sqlite_SHA-1 == Summary == Removal of deprecated crypto algorithm SHA-1 from sqlite. == Owner == * Name: [[User:odubaj| Ondrej Dubaj]] * Email: odubaj@xxxxxxxxxx == Detailed Description == The use of SHA-1 is no longer permitted for Digital Signatures or authentication in RHEL-9. Due to this reason, there is a need to remove SHA-1 extension from sqlite in RHEL-9 and therefore also Fedora. The removal of the extension was discussed with sqlite upstream development, who confirmed, that it is safe to remove it and should not impact other functionality of sqlite. == Benefit to Fedora == This change brings update in terms of removing usage of deprecated crypto algorithms as users should not use them. Also it keeps Fedora project up-to-date with the newest RHEL release, what is beneficial for future releases.
Why is this a remove proposal and not a default disabling via crypto policies. Will RHEL-9 remove SHA1 code from Java and other developer tools too instead of the current default disabled?
== Scope == * Proposal owners: ** Prepare patch for removing SHA-1 algorithm from sqlite ** Discuss the possible issues with upstream ** Push the changes to Fedora * Other developers: Do not use SHA-1 algorithm in sqlite * Release engineering: No further coordination is required for this change * Policies and guidelines: No guidelines need to be updated according to this change * Trademark approval: N/A (not needed for this Change) * Alignment with Objectives: == Upgrade/compatibility impact == SHA-1 algorithm will not be supported in sqlite. Instead SHA-3 algorithm can be used. == How To Test == No special testing is required for this change. == User Experience == Users won't be able to use SHA-1 algorithm with sqlite. Instead, they can use SHA-3 algorithm, or any other supported algorithm. == Dependencies == == Contingency Plan == * Contingency mechanism: moving this change to Fedora 36, if not successfully finished until Fedora 35 branching from Rawhide * Contingency deadline: Fedora 35 branching from Rawhide (2021-08-10) * Blocks release? No == Documentation == Sqlite documentation: https://www.sqlite.org/docs.html Discussion with upstream about removing SHA-1 algorithm: https://sqlite.org/forum/forumpost/de1c4a92f3
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
