Hi,
Am 14. April 2025 13:43:20 MESZ schrieb Justus Winter <jus...@sequoia-pgp.org>:
>René Engelhard <r...@rene-engelhard.de> writes:
>
>> If you divert /usr/bin/gpg, IMHO you need to behave like gpg.
>
>gpg doesn't behave like gpg. Just look at all the version-specific
>hacks in GPGME if you don't take my word for it. (...)
I believe you...
>> This includes accepting what gpg accepts.
>
>What gpg accepts is unacceptable. Just to provide some context, here is
>the second paragraph of https://en.wikipedia.org/wiki/SHA-1
>
> Since 2005, SHA-1 has not been considered secure against well-funded
> opponents;[11]
I know...
It's still only test keys to test whether signing/verify works, not real world
keys.
But yeah, they need to be updated, will propose upstream. It's definitely too
late for Trixie though, will try to get it upstream for forky.
Regards
René
