Re: Landing a larger-than-release change (distrusting SHA-1 signatures)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Alexander Sosedkin <asosedkin@xxxxxxxxxx> writes:

> Daniel P. Berrangé <berrange@xxxxxxxxxx> wrote:
>
>> Perhaps a useful first step is to just modify the three main
>> crypto libs (gnutls, openssl, and nss) to send a scary warnihg
>> message to stderr/syslog any time they get use of SHA1 in a
>> signature. Leave that active for a release cycle and see how
>> many bug reports we get.
>
> I left my crystal ball at home today,
> but I don't need it to say it'd be ~0 bugs filed if we log to syslog
> and ~3 if we log to stderr/stdout, all named
> "$CRYPTOLIB has no business messing up my stderr/stdout",

It's clear you want SHA-1 gone, but the way you've written this maybe
isn't conveying what you wan, as it sounds like you're also unwilling to
process the bugs that result requesting its removal.  (If you, who want
it gone, aren't willing to participate in that, why should maintainers
care?)

As I understood the proposal, it would be for the crypto lib to log a
message like:

   [timestamp] /usr/bin/firefox used DEPRECATED SHA-1 invocation

This is similar to what happened for /var/run: sure, it was annoying to
basically everyone involved, but the bugs also went to the relevant
packages.

> which we'll promptly close by reverting the changes.

I don't see why you'd do that instead of reassigning to the appropriate
packages or (better) helping them migrate.

Be well,
--Robbie

Attachment: signature.asc
Description: PGP signature

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux