* Daniel Pocock:

> However, are such issues at the discretion of package maintainers and
> upstream, or is it useful to have a uniform Debian approach to
> cryptographic strength?

Keep in mind that RFC 4880 (OpenPGP) hard-codes SHA-1 in several places, notably for key fingerprints. If there's a uniform strength requirement, we need some weasel words that GnuPG remains compliant. It's also unclear if SHA-256 or SHA-512 is stronger, and if either really is that much better than SHA-1.