[Rpm-maint] [rpm-software-management/rpm] Phasing out obsolete crypto in rpm (#1292)
Panu Matilainen
notifications at github.com
Tue Jan 5 11:40:01 UTC 2021
Okay, in that case we agree :smile:
I think the "nice" way of killing v3 support is letting the obsolete crypto those packages use make it effectively uninstallable due to being unverifiable. That would actually already be the case, if it wasn't for the MD5 header+payload digest being the only available non-signature means of verification for the payload in much of rpm 4.x too, all the way up to < 4.14. It's configurable already though.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1292#issuecomment-754584228
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20210105/c00b929a/attachment.html>
More information about the Rpm-maint
mailing list