* Daniel Pocock:

> However, are such issues at the discretion of package maintainers and
> upstream, or is it useful to have a uniform Debian approach to
> cryptographic strength?

Keep in mind that RFC 4880 (OpenPGP) hard-codes SHA-1 in several
places, notably for key fingerprints.  If there's a uniform strength
requirement, we need some weasel words that GnuPG remains compliant.

It's also unclear if SHA-256 or SHA-512 is stronger, and if either
really is that much better than SHA-1.

