Hi Ben, Ben Cotton <bcotton@xxxxxxxxxx> wrote:
Within Fedora package set, this has no impact as everything is already using sufficiently strong crypto. Third party repositories / packages could be signed with insecure crypto, and those may require working around with --nosignature. However this incidentally overlaps with https://fedoraproject.org/wiki/Changes/StrongCryptoSettings3Forewarning2 which has effectively the same effect on rpm.
Note that the StrongCryptoSettings3Forewarning2 proposal recently failed to gather enough votes to be accepted, so it will likely not be happening (or not in this form) for Fedora 38. Additionally, crypto-policies would have supported switching to LEGACY to allow installation of non-conforming RPMs, so you should at least provide a method to also install such old RPMs, ideally while still verifying the old SHA-1 signature rather than ignoring it completely. HTH, Clemens -- Clemens Lang RHEL Crypto Team Red Hat _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
