Package: debarchiver
Version: 0.10.5
Severity: grave
Tags: security
Justification: renders package unusable


Hi.

It seems that the Release/etc. files generated by debarchiver
use SHA1 as signature algorithm.

aptitude/etc. in sid no longer accept these weak algos per default
and reject such repos.

Please switch to SHA512... and ideally make the used algo configurable
for those who think SHA512 is too costly for them and want to use
something lower.

Thanks,
Chris.
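
An added example, not part of the original report and not debarchiver code: a small Python check that reads a Release/InRelease file and reports which digests it relies on, covering both the clearsign `Hash:` header and the checksum sections, since the report could mean either. The function name, the sample files and the weak/acceptable split (MD5 and SHA1 weak, SHA256 and SHA512 acceptable) are assumptions of this example.

```python
import re

# Assumption for this example: MD5 and SHA1 are weak, SHA256 and SHA512 acceptable.
WEAK = {"MD5", "SHA1"}
STRONG = {"SHA256", "SHA512"}
# Release checksum field names mapped to the digest they carry.
FIELDS = {"MD5Sum": "MD5", "SHA1": "SHA1", "SHA256": "SHA256", "SHA512": "SHA512"}

def audit_release(text):
    """Return (signature_hashes, checksum_hashes, problems) for Release/InRelease text."""
    sig, sums, in_armor = set(), set(), False
    for line in text.splitlines():
        if line.startswith("-----BEGIN PGP SIGNED MESSAGE-----"):
            in_armor = True            # armor headers follow until a blank line
        elif in_armor:
            if not line.strip():
                in_armor = False
            elif line.startswith("Hash:"):
                sig.update(h.strip().upper() for h in line[5:].split(","))
        elif line.startswith("-----BEGIN PGP SIGNATURE-----"):
            break                      # signed body ends here
        else:
            m = re.match(r"([A-Za-z0-9]+):\s*$", line)
            if m and m.group(1) in FIELDS:
                sums.add(FIELDS[m.group(1)])
    problems = []
    if sig & WEAK:
        problems.append("clearsign digest is weak: " + ", ".join(sorted(sig & WEAK)))
    if not sums & STRONG:
        problems.append("no SHA256/SHA512 checksum section")
    return sig, sums, problems

# Constructed sample inputs (digests are placeholders, not real values).
WEAK_INRELEASE = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Origin: example
Suite: unstable
MD5Sum:
 00000000 1234 main/binary-amd64/Packages
SHA1:
 00000000 1234 main/binary-amd64/Packages
-----BEGIN PGP SIGNATURE-----
"""
STRONG_INRELEASE = WEAK_INRELEASE.replace("Hash: SHA1", "Hash: SHA512") \
    .replace("MD5Sum:", "SHA256:").replace("SHA1:", "SHA512:")

if __name__ == "__main__":
    for name, doc in (("weak", WEAK_INRELEASE), ("strong", STRONG_INRELEASE)):
        print(name, audit_release(doc)[2])
```

A plain `Release` file without a clearsign wrapper yields an empty signature set, so only the checksum sections are judged.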
