[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#765512: general: distrust old crypto algos and protocols perdefault

Christoph Anton Mitterer wrote:
> For git it's e.g. quite clear that it's use of SHA1 *is* security
> relevant.

I've talked about this with the git developers before, and while they
seemed to have some ideas for how to handle a conversion to a different
hash, they're not keen on doing it until forced by SHA1 being more
broken than it is now.

I think that's a pity, especially because they could be adding a more
secure hash to git now, and use both hashes, and avoid a massive flag
day later.

Anyway, Debian obviously cannot go it on its own and change the hash
used by git, we need git to be useful for the things people use git for.

Instead, it makes sense to adapt workflows that do not trust git hashes,
which mostly means making signed tags and commits, and checking the
signatures. This is something Debian could improve in many areas, I'm

In general, I think that Debian needs to identify upstreams that are
being proactive about dropping old crypto algos, and those that are not.
Major browsers, openssh upstream, etc are going to be more on top of
this than we are, and make better decisions. Web servers probably have
user pressure to keep old crypto available, in order to support broken
clients that some users care about, and Debian might be able to improve
the defaults in such cases.

see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to: