[Pkg-puppet-devel] Bug#620739: Bug#620739: closed by Stig Sandbeck Mathisen <ssm at debian.org> (key length increased in puppet 2.7.12)
Stig Sandbeck Mathisen
ssm at debian.org
Sun Mar 25 13:19:31 UTC 2012
Bastian Blank <waldi at debian.org> writes:

> And what about the hash? Any help in replacing unsafe existing
> certificates?

Your bug was merged with one just mentioning the key length, and when
that was closed, this was closed as well. Sorry about that.

I have unmerged the bugs, and will keep this one open until the puppet
default hash is feeling better. :)

To update the bug: Puppet Labs is working on the default hash. There's
a bug at https://projects.puppetlabs.com/issues/8120, and a pull
request with code at https://github.com/puppetlabs/puppet/pull/195

- Just changing the default hash seems to be rather easy
- Making it configurable is not that hard, either
- Maintaining backwards compatibility with clients is harder. I think
  this is what still blocks the issue.
- The filebucket will need a relayout, or "fsck", since it uses md5
  directly in the storage paths.

--
Stig Sandbeck Mathisen