Hi Daniel,

On Sat, May 9, 2009 17:37, Daniel Kahn Gillmor wrote:
> SHA-1 is significantly weakened, and we should be strongly encouraging
> new certifications to be something stronger (SHA-256 at least) [0]. Caff
> should do this automatically.

> something like:
>
> # $CONFIG{'cert-digest-algo'} = 'SHA256';
>
> would be a Good Thing.

I'm not so sure about this. I think your campaign to prepare us for SHA-1
becoming too weak is definitely useful. However, caff does not set the
cert-digest-algo for GnuPG anywhere explicitly. We just rely on gnupg's
defaults. The right solution to this issue seems to me to update GnuPG's
default instead of applying a workaround at the caff level. Are you having
any progress in getting GnuPG upstream to do such a thing?


cheers,
Thijs
