Package: dirmngr Version: 2.1.18-8 Severity: wishlist File: /usr/share/gnupg/sks-keyservers.netCA.pem
I noticed that the SKS keyserver network CA certificate uses SHA1 for the fingerprint. Since browser vendors are phasing out SHA1 certs, the SKS keyserver network should probably do that too. $ openssl x509 -in /usr/share/gnupg/sks-keyservers.netCA.pem -text -noout | grep -i sha1 Signature Algorithm: sha1WithRSAEncryption Signature Algorithm: sha1WithRSAEncryption -- System Information: Debian Release: buster/sid APT prefers testing-debug APT policy: (900, 'testing-debug'), (900, 'testing'), (800, 'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700, 'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.11.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages dirmngr depends on: ii adduser 3.115 ii libassuan0 2.4.3-2 ii libc6 2.24-12 ii libgcrypt20 1.7.8-2 ii libgnutls30 3.5.14-2 ii libgpg-error0 1.27-3 ii libksba8 1.3.5-2 ii libldap-2.4-2 2.4.45+dfsg-1 ii libnpth0 1.5-2 ii lsb-base 9.20161125 Versions of packages dirmngr recommends: ii gnupg 2.1.18-8 Versions of packages dirmngr suggests: pn dbus-user-session <none> ii libpam-systemd 234-2 ii pinentry-gnome3 1.0.0-2 ii tor 0.3.0.9-1 -- no debconf information -- bye, pabs https://wiki.debian.org/PaulWise
signature.asc
Description: This is a digitally signed message part
