[pkg-gnupg-maint] Bug#932753: tag2upload should record git tag signer info in .dsc [and 1 more messages]
Ian Jackson
ijackson at chiark.greenend.org.uk
Sat Jul 27 22:40:00 BST 2019
Jonathan McDowell writes ("Bug#932753: tag2upload should record git tag signer info in .dsc [and 1 more messages]"):
> My understanding is this was true in the days of v3 keys/fingerprints
> but is not the case for v4. If we get to the point we find a collision
> then that's a SHA1 issue that's going to cause bigger issues.
It would be good to prepare for changing the fingerprint hash
function. Would including these parameters do that ? I think it
would, provided that "hash-algo" is in fact the algorithm used for the
fingerprint hash.
An alternative, perhaps, is to leave this out now, and intend to
introduce a `fingnerprintv5' value later.
Ian.
--
Ian Jackson <ijackson at chiark.greenend.org.uk> These opinions are my own.
If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
More information about the pkg-gnupg-maint
mailing list