Re: F41 Change Proposal: Make OpenSSL distrust SHA-1 signatures by default (system-wide)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Vitaly Zaitsev via devel wrote on Sun, Jun 09, 2024 at 09:15:56AM +0200:
> On 08/06/2024 00:43, Aoife Moloney wrote:
> > OpenSSL will no longer trust cryptographic signatures using SHA-1 by
> > default, starting from Fedora 41.
> 
> What about Git? AFAIK, AFAIK, Git heavily uses both SHA-1 and SHA-2 to
> validate objects and commits.

git does not use OpenSSL to compute the hash, so nothing should change
as far as I understand this

(..and from a quick look at recent release notes it'll be a while longer
until we can see a transition, the support for sha256 commit ids has
been implemented a while ago but "Work to support a repository that work
with both SHA-1 and SHA-256 hash algorithms has stated" in git 2.45 (29
Apr 2024);
right now a repo that wants to use sha256 needs to select that at git
init time and pull/push won't work with something using sha1... and all
forges like github refuse push if you try sha256.
So some conversion path for existing repos and platforms support must
come first, and there is none of that yet afaics, with work on the
former that apparently just started)

-- 
Dominique Martinet | Asmadeus
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux