Some of the discussion in this bug seems relevant to the GnuPG and GnuPG2 packages in Debian, but the bug is against the archive pseudo-package: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612657
Can anybody else make any comments: a) should there be more effort to phase out SHA1? b) how is it being approached upstream? Is backwards-compatibility still emphasized to the same extent? c) should this become a general system-wide goal to audit and increase crypto-strength in all parts of jessie / future Debian versions? -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
