Re: GPG Workshop during DebCamp
Hi,
On Fri, 2024-07-26 at 14:08 +0900, Justus Winter wrote:
> In the OpenPGP ecosystem, we have seen that people think that if GnuPG
> accepts an artifact, then it must be okay to emit such an artifact. As
> you can see [0], GnuPG still accepts SHA1-based signatures. And, we
> have seen big players [1][2] use SHA-1 in their signing keys.
>
> 0: https://tests.sequoia-pgp.org/#Signature_over_the_shattered_collision
> 1: https://github.com/microsoft/linux-package-repositories/issues/47
> 2: https://bugzilla.redhat.com/show_bug.cgi?id=2170878#c19
>
> We considerably improved the situation by rejecting these signatures,
> even though that caused a considerable amount of pain in the short term.
Recently on debian-vote@ it was pointed out repeatedly that SHA-1 is
still a perfectly secure hash algorithm for many applications (probably
just as MD5).
If Debian already relies on SHA-1 to be a cryptographic strong hash,
there is probably no reason to not accept SHA-1 signatures nor for
hashes other than SHA-1 in Packages/Sources indices (or even just MD5
to save space).
Currently dak already has code to reject SHA-1 signatures, but maybe we
should also remove that given SHA-1-based signatures are trusted by
other parts as well.
Ansgar
Reply to: