On Wed, 2023-03-01 at 19:39 -0600, John Morris wrote: > > Second solution is to revert Fedora's new paranoia that will detonate > any old package. "sudo update-crypto-policies --set LEGACY" and get on > with life for another Fedora release cycle... then the madmen will break > things again. It is a cryptoweenie thing, break anything more than a > few years old while autistically screeching "but it is INSECUUUURE!" "Security researchers have achieved the first real-world collision attack against the SHA-1 hash function, producing two different PDF files with the same SHA-1 signature. This shows that the algorithm's use for security-sensitive functions should be discontinued as soon as possible." That was from *2017*. https://www.computerworld.com/article/3173616/the-sha1-hash-function-is-now-completely-unsafe.html -- Adam Williamson (he/him/his) Fedora QA Fedora Chat: @adamwill:fedora.im | Mastodon: @adamw@xxxxxxxxxxxxx https://www.happyassassin.net _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
