Bug#1028961: dpkg: reverts to using insecure cryptographic algorithms by default

2023-01-26 Thread Guillem Jover
On Wed, 2023-01-25 at 21:44:27 +, James Addison wrote:
> Package: dpkg
> Version: 1.21.18
> Followup-For: Bug #1028961
>
> Are SHA224 and SHA384 used widely by dpkg and/or Debian? I'd expect all (?) signatures for packaging artifacts in Debian to be SHA512. This change sets an explicit prefer

Bug#1028961: dpkg: reverts to using insecure cryptographic algorithms by default

2023-01-25 Thread James Addison
Package: dpkg
Version: 1.21.18
Followup-For: Bug #1028961

Are SHA224 and SHA384 used widely by dpkg and/or Debian?

Bug#1028961: dpkg: reverts to using insecure cryptographic algorithms by default

2023-01-15 Thread Guillem Jover
On Sun, 2023-01-15 at 11:45:20 +0100, Ansgar wrote:
> Package: dpkg
> Version: 1.21.13
> Severity: serious
> Tags: security
> X-Debbugs-Cc: Debian Security Team
> dpkg 1.21.13 introduced passing "--openpgp" to GnuPG by default […]. This
> causes GnuPG to use insecure cryptographic algorithms like

Bug#1028961: dpkg: reverts to using insecure cryptographic algorithms by default

2023-01-15 Thread Ansgar
Package: dpkg
Version: 1.21.13
Severity: serious
Tags: security
X-Debbugs-Cc: Debian Security Team

Hi,
dpkg 1.21.13 introduced passing "--openpgp" to GnuPG by default due to some conflict between the dpkg maintainer and gnupg upstream. This causes GnuPG to use insecure cryptographic algorithms l