Hi Peter, > On 11. Jun 2024, at 07:01, Peter Boy <pboy@xxxxxxxxxxxxx> wrote: > >> Am 10.06.2024 um 20:16 schrieb Richard W.M. Jones <rjones@xxxxxxxxxx>: >> >> On Mon, Jun 10, 2024 at 01:43:57PM +0200, Vít Ondruch wrote: >>> I wish this proposal included some examples of what might get broken >>> and what will keep working. I guess I am not the only one who have >>> very vague understanding what is difference between "signatures" and >>> "hashing" or other purposes SHA1 can be used for. >> >> SSH and HTTPS to old machines (even old versions of Fedora & RHEL) and >> to old network equipment and the like will not be possible. >> >> I'm annoyed that this is not just put behind the LEGACY policy, since >> if that's not what "legacy" is for, what _is_ it for? >> >> As an aside, it'd be very nice if policies could be set per-process. >> That would greatly enhance security by allowing specific programs to >> connect to the legacy machines, while maintaining general system >> security. >> >> Anyway, -1 from me. >> >> Rich. > > Anyway, -1 from me, too > > For exactly that reason. Can you elaborate what you would need, in addition to the LEGACY policy (which still allows these connections) and the runcp utility? -- Clemens Lang RHEL Crypto Team Red Hat -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
