[pkg-gnupg-maint] Bug#932753: tag2upload should record git tag signer info in .dsc [and 1 more messages]
Jonathan McDowell
noodles at earth.li
Sat Jul 27 22:47:38 BST 2019
On Sat, Jul 27, 2019 at 10:40:00PM +0100, Ian Jackson wrote:
> Jonathan McDowell writes ("Bug#932753: tag2upload should record git tag signer info in .dsc [and 1 more messages]"):
> > My understanding is this was true in the days of v3 keys/fingerprints
> > but is not the case for v4. If we get to the point we find a collision
> > then that's a SHA1 issue that's going to cause bigger issues.
>
> It would be good to prepare for changing the fingerprint hash
> function. Would including these parameters do that ? I think it
> would, provided that "hash-algo" is in fact the algorithm used for the
> fingerprint hash.
>
> An alternative, perhaps, is to leave this out now, and intend to
> introduce a `fingnerprintv5' value later.
A v5 fingerprint is SHA256 based and 32 bytes (64 ASCII characters)
long.
J.
--
Beware of programmers carrying screwdrivers.
This .sig brought to you by the letter X and the number 23
Product of the Republic of HuggieTag
More information about the pkg-gnupg-maint
mailing list