Hi Leon, > On 24. Jun 2023, at 19:44, Leon Fauster via devel <devel@xxxxxxxxxxxxxxxxxxxxxxx> wrote: > >> I will also point out that CentOS Stream is perfectly suitable for >> production use, and I would argue it provides a differentiated > > Nope, its not perfect for production use. Just an example of _many_: > > https://bugzilla.redhat.com/show_bug.cgi?id=2184640 Apologies for this particular one. We thought we had everything covered in this area, but we messed up and our tests didn’t catch this before it exploded into our faces. Rest assured it wasn’t because we were trying to use the community as guinea pigs; we ourselves were surprised by the fallout, and have been working internally with the maintainers of our signing keys to get this resolved. That work is still ongoing, but we will probably delay disabling SHA-1 in PGP use until CentOS Stream 10/RHEL 10. -- Clemens Lang RHEL Crypto Team Red Hat _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
