Re: Fedora Linux 38 blocker status summary

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Mar 03, 2023 at 04:02:43PM -0500, Stephen Smoogen wrote:
> On Fri, 3 Mar 2023 at 15:56, Ben Cotton <bcotton@xxxxxxxxxx> wrote:
> > 2. crypto-policies —  Insecure installed RPMs (like Google Chrome)
> > prevent system updates in F38, can't be removed  — NEW
> > ACTION: Upstream to implement MR #129
> >
> >
> > 2. crypto-policies — https://bugzilla.redhat.com/show_bug.cgi?id=2170878
> > — NEW
> > Insecure installed RPMs (like Google Chrome) prevent system updates in
> > F38, can't be removed
> >
> > Some third-party repos (including Google Chrome) that sign packages
> > with SHA-1 cannot be uninstalled, which breaks upgrades. This was
> > designated a blocker by FESCo. Work is in progress upstream to allow
> > RPM to permit SHA-1 in the default policy while third-party repos
> > update to a supported hash function:
> >
> > https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/merge_requests/129
> 
> I think the issue is 'larger' than SHA-1. Google Chrome and some other 3rd
> party software seem to be signed with keys which are both SHA1 and DSA
> keys. Either one of these would cause the problem with not being able to
> update/uninstall/etc and since one is a checksum and the other is an
> encryption type need possibly different solutions.

Yes. People are aware of this. Merge request 129 had to go as far as
allowing DSA1024 :(

Zbyszek
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux