Ben Cotton kirjoitti 29.8.2022 klo 21.30:
https://fedoraproject.org/wiki/Changes/StrongCryptoSettings3Forewarning2
== Summary ==
Cryptographic policies will be tightened in Fedora ''38''-39,
SHA-1 signatures will no longer be trusted by default.
Fedora ''38'' will do a "jump scare", introducing the change but then
reverting it in time for Beta.
Test your setup with TEST-FEDORA39 today and file bugs in advance so
you won't get bit by Fedora ''38''-39.
To test this, I did enable TEST-FEDORA39 on my system, first installed
as Fedora 24, now running 36. For some rpm and dnf operations, I get the
following kind of errors:
error: rpmdbNextIterator: skipping h# 740
Header V3 RSA/SHA1 Signature, key ID d651ff2e: BAD
Header SHA256 digest: OK
Header SHA1 digest: OK
I first noticed this with 'dnf upgrade', simplified to 'dnf reinstall
glibc', perhaps the best reproduces is 'rpm -qa > /dev/null'.
Regardless of these errors, all the commands work as expected. Still I
wonder, is it expected that old installations will see, and keep seeing,
these errors after distrusting SHA-1?
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
