X2Go Bug report logs - #1030
Repository signing uses weak digest algorithm (SHA1)

Package: packages.x2go.org; Maintainer for packages.x2go.org is x2go-dev@lists.x2go.org;

Reported by: Christian Kreidl <debian@chk.cksf.de>

Date: Tue, 26 Apr 2016 12:20:02 UTC

Severity: normal

Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Bug is archived. No further changes may be made.

Full log


Message #12 received at 1030@bugs.x2go.org (full text, mbox, reply):

Received: (at 1030) by bugs.x2go.org; 8 Jul 2016 09:40:24 +0000
From mike.gabriel@das-netzwerkteam.de  Fri Jul  8 11:40:22 2016
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=3.0 tests=BAYES_00,URIBL_BLOCKED
	autolearn=ham version=3.3.2
Received: from localhost (localhost [127.0.0.1])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 34DD45DDF5
	for <1030@bugs.x2go.org>; Fri,  8 Jul 2016 11:40:22 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de
Received: from ymir.das-netzwerkteam.de ([127.0.0.1])
	by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id WFbiclDoikdj for <1030@bugs.x2go.org>;
	Fri,  8 Jul 2016 11:40:15 +0200 (CEST)
Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 53ED55DDD0
	for <1030@bugs.x2go.org>; Fri,  8 Jul 2016 11:40:15 +0200 (CEST)
Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [IPv6:2a01:4f8:131:20c1:5254:ff:fe24:f0dd])
	by freya.das-netzwerkteam.de (Postfix) with ESMTPS id E025FB0B;
	Fri,  8 Jul 2016 11:40:14 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 1DD0D400C8;
	Fri,  8 Jul 2016 11:40:14 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de
Received: from grimnir.das-netzwerkteam.de ([127.0.0.1])
	by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id QaT93lGlfQV3; Fri,  8 Jul 2016 11:40:07 +0200 (CEST)
Received: from das-netzwerkteam.de (localhost [127.0.0.1])
	by grimnir.das-netzwerkteam.de (Postfix) with ESMTPS id B88A9400C6;
	Fri,  8 Jul 2016 11:40:00 +0200 (CEST)
Received: from listrac.informatik.uni-kiel.de
 (listrac.informatik.uni-kiel.de [134.245.252.114]) by
 mail.das-netzwerkteam.de (Horde Framework) with HTTP; Fri, 08 Jul 2016
 09:40:00 +0000
Date: Fri, 08 Jul 2016 09:40:00 +0000
Message-ID: <20160708094000.Horde.pxMVD0BwJTL3RgjFwFvVOFp@mail.das-netzwerkteam.de>
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: Christian Kreidl <debian@chk.cksf.de>, 1030@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#1030: Repository signing uses weak digest
 algorithm (SHA1)
In-Reply-To: <571F5B3D.9070504@chk.cksf.de>
User-Agent: Horde Application Framework 5
Accept-Language: de,en
Organization: DAS-NETZWERKTEAM
X-Originating-IP: 134.245.252.114
X-Remote-Browser: Mozilla/5.0 (X11; Linux i686; rv:38.0) Gecko/20100101
 Firefox/38.0 Iceweasel/38.7.1
Content-Type: multipart/signed; boundary="=_hPkQreWo9wgu-iPm1cN2S7d";
 protocol="application/pgp-signature"; micalg=pgp-sha256
MIME-Version: 1.0
[Message part 1 (text/plain, inline)]
Control: close -1

On  Di 26 Apr 2016 14:12:45 CEST, Christian Kreidl wrote:

> Package: packages.x2go.org
>
> Hi!
>
> Repository signing with SHA1 is deprecated in testing:
>
> http://packages.x2go.org/debian/dists/stretch/InRelease: Signature by key
> 972FD88FA0BAFB578D0476DFE1F958385BFE2B6E uses weak digest algorithm (SHA1)
>
> Please update your configuration to use SHA256:
> https://wiki.debian.org/SettingUpSignedAptRepositoryWithReprepro#Generating_GnuPG_keys
>
> Thanks!

Done. Actually, digest-algo is now SHA512.

Mike

-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

[Message part 2 (application/pgp-signature, inline)]

Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Thu Dec 2 01:22:19 2021; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.