Re: Intention to tighten RPM crypto-policy back



Kevin Kofler via devel wrote:
> I am still opposed, because it is still a backwards-incompatible change that 
> breaks existing repositories (such as my Calcforge one)

Backwards-incompatible changes are often made far too nonchalantly.
This is not one of those cases. When it comes to cryptographic
algorithms, backwards-incompatible changes are necessary from time to
time. Cryptanalysis always progresses, and quantum computers loom at
the horizon. Secure algorithms do not remain secure (except for One-
Time Pad, which is mathematically proven but quite impractical).

Maybe there will some day be a set of cryptographic algorithms that are
mathematically proven to be secure for all eternity (and more practical
than One-Time Pad). Until that day comes, all software, including your
Calcforge repository, must be prepared to replace algorithms as needed.

> just so that someone can tick a checkbox on some "security" checklist.

As a packager you are responsible for all Fedora users' security. If
you behave as if security is nothing but a pointless checklist, then
you put all of our computers in jeopardy. An attacker who breaches
your computer will be able to inject malware into Fedora through your
packages. It is your duty to take security seriously as long as you
have commit privileges to any Fedora packages.

Björn Persson
