Summary: | Mirror list is signed with SHA1 | ||
---|---|---|---|
Product: | Pakfire | Reporter: | Peter Müller <peter.mueller> |
Component: | Base | Assignee: | Michael Tremer <michael.tremer> |
Status: | CLOSED FIXED | QA Contact: | Peter Müller <peter.mueller> |
Severity: | Security | ||
Priority: | - Unknown - | ||
Version: | unspecified | ||
Hardware: | all | ||
OS: | All | ||
See Also: |
https://bugzilla.ipfire.org/show_bug.cgi?id=11345 https://bugzilla.ipfire.org/show_bug.cgi?id=11539 |
Description
Peter Müller
2018-03-03 21:33:57 UTC
I changed the digest algorithm from SHA1 to SHA512 since all systems should support this anyway. We will soon re-sign all packages. Lists are already updated and new packages will be signed with the new algorithm. We do NOT encrypt packages. We only sign them. Compression is now removed, too since this is implemented in the packages now and was quite slow. Fixed. Thanks very much. :-) |