[Pkg-openssl-devel] Planning the removal of c_rehash | mass bug filling
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Thu Apr 5 23:22:12 BST 2018
Hi,
the openssl package provides the c_rehash script which creates the links
from XXXXXXXX.Y to the actual certificate in /etc/ssl/certs/. During the
transition from 0.9.8 to 1.0.0 the hash (for the X part) changed from
md5 to sha1. Since that transition in Debian the c_rehash script
provides both symlinks: the old hash (md5) and the new (sha1) one.
The c_rehash script is considered by upstream as a fallback script and
will disappear at some point. The recommended way is to use the "openssl
rehash" command instead which appeared in 1.1.0. This command creates
half that many symlinks (one per certificate instead of two) because it
uses only the sha1 hash. There is also the -compat option which creates
both symlinks (and behaves like c_rehash currently does) but as
explained above it should not be required to use it.
I am planning to fill bugs against 23 packages which use "c_rehash" to
use "openssl rehash" instead. Here is the dd-list of packages I
identified:
Alessio Di Mauro <alessio at yubico.com>
yubico-piv-tool (U)
Antonio Terceiro <terceiro at debian.org>
ruby-openssl (U)
Christian Perrier <bubulle at debian.org>
ca-certificates (U)
Cyril Brulebois <kibi at debian.org>
debian-installer (U)
Cédric Boutillier <boutil at debian.org>
ruby-httparty (U)
Dain Nilsson <dain at yubico.com>
yubico-piv-tool (U)
David Bremner <bremner at debian.org>
racket
Debian AppArmor Team <pkg-apparmor-team at lists.alioth.debian.org>
apparmor
Debian Authentication Maintainers <pkg-auth-maintainers at lists.alioth.debian.org>
yubico-piv-tool
Debian Chromium Maintainers <pkg-chromium-maint at lists.alioth.debian.org>
chromium-browser
Debian FreeRADIUS Packaging Team <pkg-freeradius-maintainers at lists.alioth.debian.org>
freeradius
Debian Install System Team <debian-boot at lists.debian.org>
debian-installer
Debian OpenLDAP Maintainers <pkg-openldap-devel at lists.alioth.debian.org>
openldap
Debian QA Group <packages at qa.debian.org>
sendmail
Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers at lists.alioth.debian.org>
ruby-httparty
ruby-openssl
Felix Lechner <felix.lechner at lease-up.com>
wolfssl
Iain R. Learmonth <irl at debian.org>
scapy (U)
scapy3k (U)
Internet Measurement Packaging Team <pkg-netmeasure-discuss at lists.alioth.debian.org>
scapy
scapy3k
intrigeri <intrigeri at debian.org>
apparmor (U)
Josip Rodin <joy-packages at debian.org>
freeradius (U)
Klas Lindfors <klas at yubico.com>
yubico-piv-tool (U)
LaMont Jones <lamont at debian.org>
postfix
Laszlo Boszormenyi (GCS) <gcs at debian.org>
sx
Mark Brown <broonie at debian.org>
xemacs21-packages
Mark Hymers <mhy at debian.org>
freeradius (U)
Markus Wanner <markus at bluegap.ch>
courier
Matthijs Möhlmann <matthijs at cacholong.nl>
openldap (U)
Michael Gilbert <mgilbert at debian.org>
chromium-browser (U)
Michael Shuler <michael at pbandjelly.org>
ca-certificates
Michael Stapelberg <stapelberg at debian.org>
freeradius (U)
Raphael Geissert <geissert at debian.org>
ca-certificates (U)
Riku Voipio <riku.voipio at linaro.org>
chromium-browser (U)
Roger A. Light <roger at atchoo.org>
mosquitto
Ryan Tandy <ryan at nardis.ca>
openldap (U)
Sam Hartman <hartmans at debian.org>
freeradius (U)
Scott Kitterman <scott at kitterman.com>
postfix (U)
Sebastian Reichel <sre at debian.org>
python-paho-mqtt
Sebastien Delafond <seb at debian.org>
mitmproxy
Simon Josefsson <simon at josefsson.org>
yubico-piv-tool (U)
Stephen Gran <sgran at debian.org>
freeradius (U)
Steve Langasek <vorlon at debian.org>
openldap (U)
Tatsuya Kinoshita <tats at debian.org>
wl
wl-beta
Thijs Kinkhorst <thijs at debian.org>
ca-certificates (U)
Torsten Landschoff <torsten at debian.org>
openldap (U)
Sebastian
More information about the Pkg-openssl-devel
mailing list