Re: Archive no longer accepts uploads signed using SHA-1 or RIPE-MD/160

To: debian-devel@lists.debian.org
Subject: Re: Archive no longer accepts uploads signed using SHA-1 or RIPE-MD/160
From: Wouter Verhelst <wouter@debian.org>
Date: Fri, 24 Feb 2017 15:38:57 +0100
Message-id: <[🔎] 20170224143857.sossexkweiml5tft@grep.be>
In-reply-to: <87y3wyt2f8.fsf@deep-thought.43-1.org>
References: <87y3wyt2f8.fsf@deep-thought.43-1.org>

On Wed, Feb 22, 2017 at 09:07:23PM +0100, Ansgar Burchardt wrote:
> The archive no longer accepts uploads signed using the SHA-1

Yay!

(https://shattered.io is fun)

> or RIPE-MD/160 algorithms.

Uhh? AFAIK, RIPEMD160 is not compromised at all, not even in a
theoretical attack. Why was this part of the decision taken?

(there is a theoretical attack against RIPEMD, but that is not the same
thing as RIPEMD160)

-- 
< ron> I mean, the main *practical* problem with C++, is there's like a dozen
       people in the world who think they really understand all of its rules,
       and pretty much all of them are just lying to themselves too.
 -- #debian-devel, OFTC, 2016-02-12

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: Archive no longer accepts uploads signed using SHA-1 or RIPE-MD/160
  - From: Peter Palfrader <weasel@debian.org>
- Re: Archive no longer accepts uploads signed using SHA-1 or RIPE-MD/160
  - From: Russ Allbery <rra@debian.org>

Prev by Date: Re: sane chromium default flags - include --enable-remote-extensions
Next by Date: Re: Archive no longer accepts uploads signed using SHA-1 or RIPE-MD/160
Previous by thread: Re: Bug#856033: ITP: brailleimg -- produce text images and graphs abusing Braille glyphs
Next by thread: Re: Archive no longer accepts uploads signed using SHA-1 or RIPE-MD/160
Index(es):
- Date
- Thread