Control: tags -1 + confirmed On Sun, 2015-08-16 at 13:43 +0200, Stefan Fritsch wrote: > Please review ssl-cert_1.0.32+deb7u1 for inclusion in oldstable. The > main change is switching from sha1 to sha256 for new certificates > because browsers start marking sha1 as insecure.
I'm assuming that tools in wheezy either cope with SHA256 or have corresponding bugs about fixing that. > ssl-cert (1.0.32+deb7u1) wheezy; urgency=medium > > * Switch to SHA2 for newly generated certificates. Closes: #733255, #773815 #773815 should get a fixed version, rather than being tagged squeeze +wheezy with version tracking that claims it affects unstable. > * Set umask to make sure that the generated key is not world-readable > for a short timespan while make-ssl-cert runs. Closes: #780828 Looks reasonable; please go ahead. Regards, Adam
