On Mon, 12 Jul 2021, Simo Sorce wrote:
SQLite is a general-purpose tool. Not every use of SHA-1 is
cryptographically relevant. Most uses in the context of SQLite probably
aren't, so the removal just annoys users for no good reason.
Note that this is a Sqlite decision, from RHEL engineering we only
requested the removal in digital signatures and where integrity
protection is required for security.
Also note that we do not require full removal, just that SHA-1 is not
used unless users intentionally change configuration.
How does this affect users of NSS who have created "default" databases,
eg using certutil -N ? Do these use SHA1? If so, can they be migrated
to SHA2? Automatically ?
Paul
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure