On Thu, June 17, 2010 18:39, Daniel Leidert wrote:
> This issue is only present in Debian stable/Lenny. Version 1.4.10 of
> GnuPG prefers SHA-256 over SHA-1. My question to the security team:
> Should this be backported to Lenny? I don't have a patch for this atm -
> we need to search the upstream
Hi,
This issue is only present in Debian stable/Lenny. Version 1.4.10 of
GnuPG prefers SHA-256 over SHA-1. My question to the security team:
Should this be backported to Lenny? I don't have a patch for this atm -
we need to search the upstream VCS.
Regards, Daniel
--
http://bugs.debian.org/55945
reassign 559458 gnupg
thanks
Hi,
> As sha1 will be used by default to sign messages when a key is created,
> kgpg is continuing to use what is now considered a weak/not as strong
> method of signing. A key should use perhaps SHA2 to sign messages (by
> default).
kgpg doesn't set its own default
Package: kgpg
Severity: normal
As sha1 will be used by default to sign messages when a key is created, kgpg is
continuing to use what is now considered a weak/not as strong method of
signing. A key should use perhaps SHA2 to sign messages (by default).
-- System Information:
Debian Release: 5.0
4 matches
Mail list logo
