On Wed, 2021-07-14 at 14:13 -0400, Paul Wouters wrote: > On Mon, 12 Jul 2021, Simo Sorce wrote: > > > > SQLite is a general-purpose tool. Not every use of SHA-1 is > > > cryptographically relevant. Most uses in the context of SQLite probably > > > aren't, so the removal just annoys users for no good reason. > > > > Note that this is a Sqlite decision, from RHEL engineering we only > > requested the removal in digital signatures and where integrity > > protection is required for security. > > Also note that we do not require full removal, just that SHA-1 is not > > used unless users intentionally change configuration. > > How does this affect users of NSS who have created "default" databases, > eg using certutil -N ? Do these use SHA1? If so, can they be migrated > to SHA2? Automatically ? I do not think this feature is used by NSS, CCing Bob. -- Simo Sorce RHEL Crypto Team Red Hat, Inc _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
