[pkg-gnupg-maint] considering updates for the next stretch point release
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sat Oct 28 13:40:04 UTC 2017
Hi all--
I'm starting to accumulate bugfixes and safe/sane improvements for the
next point release of debian stable (stretch). This work is happening
on the "stretch" branch in
https://anonscm.debian.org/git/pkg-gnupg/gnupg2.git.
So far, i've added two changes:
commit 1c35044571dba16990cad1c2d2585629e1cc4514 (HEAD -> stretch, gdo/stretch)
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Sat Oct 28 15:25:18 2017 +0200
Update crypto defaults for 2018 (new keys are RSA 3072, prefer AES256)
NIST recommends using only 3072-bit keys (or larger) by 2020. Keys
generated in 2018 are likely to be in use for at least another two
years. We should be deploying stronger keys earlier.
We also move to the stronger AES256 by default. Users with
particularly constrained machines can always choose a weaker cipher if
they want to, but the default preference should be the strongest
cipher we have available. Peers who don't have AES256 available can
still of course use one of the other ciphers that we announce support
for.
commit aa378e9cbdcc5a8ece8e48d020c7456a57b4105c
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Sat Oct 28 15:13:13 2017 +0200
block trivial access to scdaemon memory (Closes: #878952)
If there are other narrowly-targeted bugfixes or cleanup that belong in
the next point release of stretch, please propose them (or just add them
to the stretch branch).
Regards,
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20171028/6b7f1d89/attachment.sig>
More information about the pkg-gnupg-maint
mailing list